ClawHub

Media Orchestrator

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims: it downloads requested media and can send it through configured WhatsApp or Telegram integrations, with privacy and cleanup considerations users should understand.

Install only if you are comfortable with an agent downloading requested media into the OpenClaw workspace, invoking local media tools, and sending resulting files through configured WhatsApp or Telegram accounts. Confirm recipients before use and periodically clean the workspace because the artifacts do not show automatic deletion or file-size limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation phrases are broad natural-language intents such as 'send audio file song' and 'play [spotify track or url]', which can match loosely phrased user input and trigger network downloads and file transmission. In a media orchestration skill, this ambiguity is more dangerous because the resulting actions are side-effectful: fetching remote content, storing it locally, and sending it to third-party platforms.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that it downloads media into the workspace, dispatches files to WhatsApp/Telegram, and persists Spotify metadata JSON, but it omits user-facing warnings about storage, transmission, retention, and third-party data exposure. Users may not realize their requested content and metadata are being written to disk and sent externally, which raises privacy, compliance, and accidental data-leak risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest grants executable access and filesystem read/write while advertising media download and delivery behavior, but it does not clearly warn users that the skill can invoke local tools and write downloaded content to disk. In a media-handling skill, these permissions may be operationally necessary, but the lack of explicit disclosure increases the risk of unexpected downloads, storage consumption, and execution of external binaries without informed consent.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill downloads user-requested media into a persistent workspace path and then transmits it, but there is no notice, consent, retention control, or cleanup. In an agent environment, this can expose sensitive user interests or downloaded content to other components, operators, or later sessions if the workspace is shared or inspected.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code performs external network retrieval via yt-dlp and then forwards the resulting media to a chat target without any explicit warning about third-party requests, storage, or transmission. In this skill's context, that increases privacy and compliance risk because user queries and media requests may be exposed to external services and persisted locally before delivery.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal