videomp3word MCP

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it runs a media-to-knowledge MCP/HTTP server, but users must understand that media URLs, transcripts, and optional model inputs leave the local environment.

Install only if you are comfortable providing a dedicated videomp3word session cookie and sending media URLs, transcript text, and optional knowledge-model prompts to the configured external services. Set MCP_ACCESS_KEYS, use NODE_ENV=production for exposed deployments, prefer localhost or authenticated infrastructure, use a dedicated upstream account, and define retention controls if enabling MongoDB.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill declares environment variables and explicitly relies on outbound network access to remote transcription and knowledge-model endpoints, but no permissions are declared to communicate that capability to users or the platform. This creates a real security transparency issue: operators may supply sensitive cookies, API keys, media URLs, and transcript content without clear permission gating, increasing the risk of unintended data exfiltration to external services.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
This code sends substantial transcript content and chunk text to an external model service via `modelClient.generateJson(...)` without any evidence in this file of consent gating, redaction, or disclosure. Because transcripts may contain sensitive spoken content, URL-derived media content, names, tasks, and entities, forwarding them to a third-party model can create privacy, compliance, and data-handling risks if users are unaware or have not opted in.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
This code sends the user-supplied media source URL to an external transcription service via `upstreamClient.transcribe(sourceUrl, ...)` without any indication in this component of consent checks, disclosure, or URL sanitization. Because source URLs can embed sensitive tokens, signed links, internal endpoints, or private resource locations, forwarding them upstream can leak secrets or private data to a third party and may also enable SSRF-like access patterns if upstream behavior is permissive.

VirusTotal

66/66 vendors flagged this skill as clean.