Hailuo Gyh

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward MiniMax video-generation helper, but users should know it sends prompts and image references to MiniMax and uses their own API key.

Install only if you intend to use your own MiniMax API key and are comfortable sending prompts, image URLs or path strings, and any subject-reference face images to MiniMax. Do not rely on the claim that an API key is built in; treat that as stale or incorrect wording, and avoid sensitive face images unless you have consent and understand MiniMax's data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tainted flow: 'download_url' from requests.get (line 120, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
print(f"📥 正在下载视频至 {output_path}...")
with open(output_path, "wb") as f:
    video_response = requests.get(download_url)
    video_response.raise_for_status()
    f.write(video_response.content)
print(f"✅ 视频已保存: {output_path} ({os.path.getsize(output_path) / 1024:.0f} KB)")
Confidence
91% confidence
Finding
video_response = requests.get(download_url)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates use of environment variables and outbound network access to call the MiniMax API, but it does not declare corresponding permissions. That mismatch weakens transparency and trust boundaries for users and tooling, making it easier for a skill to access secrets and transmit data without clear disclosure, even if the stated functionality legitimately needs those capabilities.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The metadata states that the API key is 'built in' and describes the skill as a dedicated personal version, which strongly suggests credential embedding or distribution of shared secrets inside the skill package. Embedding provider API keys in published metadata or code is dangerous because anyone with access to the skill may reuse the credential, incur charges, or abuse the linked account; the contradiction with the documented requirement to supply MINIMAX_API_KEY also indicates poor secret-handling practices.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill supports a subject-reference mode using face photos, which involves highly sensitive biometric/personal data, but the description provides no privacy warning or handling guidance. Users may upload face images without understanding retention, third-party processing, consent requirements, or the privacy risks of sending such data to an external API.

VirusTotal

65/65 vendors flagged this skill as clean.
