Gen Video

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate skills.video integration, but one helper can send the user’s API key to an arbitrary URL if misused.

Install only if you trust the skills.video publisher and intend to use a paid external video-generation API. Keep endpoints and base URLs limited to documented open.skills.video paths, avoid feeding untrusted OpenAPI specs or full URLs into the helper, and do not submit sensitive prompts or proprietary content unless you are comfortable with the provider receiving them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly requires environment access, file reads, shell execution, and outbound network calls, yet it does not declare corresponding permissions in a dedicated permissions model. This creates a transparency and governance gap: operators may enable the skill without understanding its effective capabilities, increasing the chance of unintended secret access, shell misuse, or unreviewed external requests.

Missing User Warnings

Severity
Medium
Confidence
86% confidence
Finding
The skill instructs users to send prompts and payloads to a third-party video generation API but provides no warning about privacy, retention, or handling of submitted content. Users may unknowingly transmit sensitive prompts, personal data, proprietary media instructions, or regulated information to a remote service, creating confidentiality and compliance risk.

Vague Triggers

Severity
Medium
Confidence
89% confidence
Finding
The default prompt uses a very generic activation pattern, 'Use $ai-video to create videos of {subject},' which can cause the skill to be invoked for a wide range of loosely related requests without clear scoping or safety constraints. In a skill that issues video-generation REST requests, overly broad triggering increases the chance of unintended activation, misuse for disallowed content generation, or accidental routing of ambiguous user requests into an external action-capable workflow.

Missing User Warnings

Severity
Medium
Confidence
93% confidence
Finding
The script emits raw SSE and error payloads directly to stdout, including full API responses and status events. In an agent/skill context, stdout is often captured in logs, traces, or user-visible tool output, so sensitive prompt contents, URLs, identifiers, or returned metadata may be unintentionally disclosed.

VirusTotal

67/67 vendors flagged this skill as clean.