Watermark-free short-video download. When a link from Douyin, Kuaishou, Xiaohongshu, Bilibili, Weibo, Xigua Video or a similar platform is detected, the skill automatically parses it, downloads the video without the watermark, and sends the file directly to the user.

Security checks across malware telemetry and agentic risk

Overview

This video downloader matches its stated purpose, but it automatically sends detected links to a third-party service and stores downloaded videos in a publicly served directory without clear consent, limits, or cleanup.

Review before installing. Use this only if you are comfortable with video links being processed automatically, sent to qyapi.ipaybuy.cn, downloaded to a server directory, and potentially exposed through public HTTP links. Prefer a version that requires explicit confirmation, stores credentials outside source code, validates supported domains, limits file size/type, uses private or expiring delivery links, and cleans up old media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill performs network-capable behavior via an external parsing/downloading flow, but does not declare permissions or transparently communicate that capability. Undeclared network access weakens user and platform oversight and can hide data exfiltration or other outbound requests involving user-supplied links.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The documented behavior understates significant actions: sending user links to a third-party API, storing downloaded media on a server, and exposing content via a public URL. This mismatch is security-relevant because users and reviewers cannot accurately assess privacy, retention, and distribution risks from the stated description.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: Automatic execution on any recognized platform link is overly broad and can trigger on incidental, quoted, or forwarded content without clear user intent. In this skill, unintended activation is more dangerous because it can cause external transmission of URLs and downloading/storing media without an explicit user action or confirmation.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill states that it uses a third-party API for parsing but does not warn users that their provided links will be transmitted outside the local system. This creates a privacy and compliance risk, especially because links may embed identifiers, private tokens, or reveal sensitive viewing/sharing activity.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The skill stores downloaded media in a web-served directory and may provide a public HTTP download URL, but this exposure is not clearly disclosed to users. Public hosting of downloaded content can leak user-requested media, create unauthorized redistribution risk, and expose files to anyone who can guess or obtain the URL.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script sends user-supplied video URLs together with embedded app credentials to a third-party API service. This creates a real privacy and data-governance risk because users are not informed that their links are disclosed externally, and the hardcoded credential also increases the blast radius if the script or logs are exposed.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script downloads remote content to local disk and then constructs a public URL for direct hosting without any access control, retention policy, or user warning. This can unintentionally expose downloaded media to anyone who can guess or access the URL, and it may also create storage-abuse or illegal-content hosting risk in an agent environment.

VirusTotal

64/64 vendors flagged this skill as clean.
