Wuli Skill

Security checks across malware telemetry and agentic risk

Overview

This Wuli media-generation skill matches its stated purpose, but it needs review because it can fetch arbitrary URLs, re-upload their contents, and automatically open downloaded results.

Install only if you trust Wuli.art with the prompts and media you choose to provide. Avoid private files, confidential media, localhost/private-network/metadata URLs, and third-party media you are not authorized to process. Be aware that broad image/video requests may route through this skill, it may consume Wuli credits, and downloaded outputs may be opened automatically by local applications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    system = platform.system()
    try:
        if system == "Darwin":
            subprocess.Popen(["open", filepath])
        elif system == "Windows":
            os.startfile(filepath)
        elif system == "Linux":
Confidence
88% confidence
Finding
subprocess.Popen(["open", filepath])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        elif system == "Windows":
            os.startfile(filepath)
        elif system == "Linux":
            subprocess.Popen(["xdg-open", filepath])
    except Exception:
        pass
Confidence
88% confidence
Finding
subprocess.Popen(["xdg-open", filepath])

Tainted flow: 'put_req' from pathlib.Path.read_bytes (line 132, file read) → urllib.request.urlopen (network output)

High
Category
Data Flow
Content
    put_req = urllib.request.Request(upload_url, data=media_data, method="PUT")
    put_req.add_header("Content-Type", "application/octet-stream")
    with urllib.request.urlopen(put_req, timeout=120) as _:
        pass

    print(f"Upload complete: {public_url}")
Confidence
93% confidence
Finding
with urllib.request.urlopen(put_req, timeout=120) as _:

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill includes functionality to download arbitrary remote media URLs and re-upload them, which is broader than necessary for ordinary prompt-based generation. In an agent context, this materially increases risk because it can be used as a network pivot to access internal-only services or to transfer retrieved data off-host.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Automatically opening downloaded files is unnecessary for the core purpose of generation and download, and it increases attack surface on the host. Because the content originates from a remote service and may be attacker-influenced through prompts or supplied references, invoking local viewers can expose the system to malicious media or unsafe protocol/file associations.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrase "wuli" is overly broad and context-free, so it can be matched accidentally in unrelated conversations. Accidental invocation is risky here because the skill can upload local files, send prompts and media to a third-party API, and perform downloads and shell-based opening actions without the user clearly intending to call this tool.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Several triggers such as "generate image," "generate video," "edit image," and "create artwork" are generic user requests that overlap with normal assistant usage. In a skill that performs networked media uploads/downloads and may handle local files, broad triggers increase the chance of unintended activation and data egress to an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly instructs users to fetch third-party media and re-upload it to Wuli OSS, but it provides no warning about consent, copyright, privacy, or handling of personal/sensitive content. This can lead users to exfiltrate others' media into the platform without authorization, creating privacy, compliance, and data-handling risk.

VirusTotal

VirusTotal findings are pending for this skill version.
