Ai Animation Studio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI animation workflow, but users should treat it as a media-generation tool that sends prompts to external services and processes downloaded media locally.

Install only if you are comfortable sending story text, prompts, and generated media requests to Doubao/Volcengine and TTS services. Use a limited API key, review the doubao-media dependency and hard-coded Windows resource paths, run it in a dedicated output folder, and avoid placing unrelated private files under D:\AI视频资源.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Tainted flow: 'image_url' from requests.post (line 87, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
# Download the image
local_path = self.output_dir / f"scene_{scene_id}.jpg"
img_response = requests.get(image_url, timeout=30)
with open(local_path, "wb") as f:
    f.write(img_response.content)
Confidence
94% confidence
Finding
img_response = requests.get(image_url, timeout=30)

Tainted flow: 'video_url' from requests.get (line 140, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
# Download the video
local_path = self.output_dir / f"scene_{scene_id}.mp4"
video_response = requests.get(video_url, timeout=120)
with open(local_path, "wb") as f:
    f.write(video_response.content)
Confidence
95% confidence
Finding
video_response = requests.get(video_url, timeout=120)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The method embeds subtitle_text directly into an ffmpeg drawtext filter expression without proper escaping for ffmpeg filter syntax. An attacker-controlled subtitle containing characters such as quotes, colons, backslashes, or filter separators can break out of the intended text context and alter filter behavior, causing command failure, unexpected processing, or potentially dangerous secondary file/protocol interactions through ffmpeg features.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are very broad and map to common animation-related user requests, which can cause the skill to activate unexpectedly outside a clearly scoped invocation boundary. In an agent environment, over-broad activation increases the chance of unintended workflow execution, surprise tool usage, or context hijacking when a user only wants general discussion rather than full automation.

VirusTotal

66/66 vendors flagged this skill as clean.
