Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
videomp3word MCP
v1.1.3 · Ships and explains the videomp3word MCP server, including autonomous bot access, direct payment capabilities, one-endpoint media conversion, token billing, a...
⭐ 0· 99·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Benign, medium confidence
Purpose & Capability
Name/description match the implementation: an Express/Stdio MCP server that proxies conversions to an upstream videomp3word service, exposes token-based billing, and optionally gates paid tools. Declared env vars (session cookie, API key, access keys, host/port, public base URL) align with the server's needs and package.json 'mcp' metadata. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md runtime instructions focus on running the MCP server and configuring environment variables. The code reads only the declared env vars and performs upstream requests to the configured VIDEOMP3WORD_BASE_URL. It does not instruct the agent to read other system files or unrelated credentials. The README and SKILL.md explicitly warn that the session cookie will be used to spend upstream tokens and recommend gating paid tools with MCP_ACCESS_KEYS.
Install Mechanism
No external download URLs or non-standard install steps are present. The package is a normal Node project (package.json, dependencies: @modelcontextprotocol/sdk, express, zod). The repository includes source and tests. There is no extract-from-arbitrary-URL install behavior.
Credentials
The only required secret is VIDEOMP3WORD_SESSION_COOKIE, which is consistent with the stated purpose because the server spends the upstream account's tokens. This is a high-sensitivity credential (the project repeatedly warns of this): anyone who can reach the server's paid tools can drain that account's balance. Other env vars are optional and justified. Because the required credential can be used to spend tokens, deploy only with a dedicated upstream account and enable MCP_ACCESS_KEYS before any public exposure.
Persistence & Privilege
The skill does not request always:true and follows normal autonomous-invocation defaults. It doesn't modify other skills or system-wide configs. Artifacts are kept in-memory and auto-expire; the server is a standard long-running service with expected privileges for a network proxy.
Assessment
This package is coherent with its description: it proxies conversion requests to a videomp3word upstream account and requires a session cookie that can spend that account's token balance. Before installing or deploying:
1. Do NOT use a personal or production browser session cookie. Create a dedicated upstream account for this MCP and use its session cookie.
2. Set MCP_ACCESS_KEYS, and test that it is actually enforced, before exposing the service publicly so unauthorized bots cannot spend tokens.
3. Verify VIDEOMP3WORD_BASE_URL and VIDEOMP3WORD_ALLOWED_UPSTREAM_HOSTS to avoid misconfiguration.
4. Publish a PUBLIC_BASE_URL only if you understand that artifact links become reachable at that address.
5. Review the package source yourself (no homepage is provided in registry metadata) and consider running the included smoke tests locally.
6. Monitor upstream token usage and rotate the session cookie if you suspect abuse.
The code includes DNS and private-IP checks to mitigate SSRF, but dependencies (express and the MCP SDK packages) should be kept up to date and audited as usual.
latest: vk97d3yqdpmyqe31bxesnax6t9h83yq3x
