Doubao API Toolkit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Doubao/Volcengine media toolkit, but it uploads user-selected local video files, together with prompts and other media, to a third-party API without a clear privacy warning or point-of-use confirmation.

Install only if you are comfortable sending prompts, image URLs, and any local video files you choose to analyze to Volcengine/Doubao. Avoid confidential, regulated, proprietary, or third-party media unless you have permission, and prefer an updated version that adds explicit upload warnings, consent before local file transmission, and corrected image-to-image documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing Permission Declaration

Medium
Category
MCP Least Privilege
Confidence
95%
Finding
The skill documents its use of environment variables and outbound API calls, but it does not declare the corresponding permissions. Missing permission declarations undermine least-privilege review and can lead users or platforms to underestimate that the skill can read secrets from the environment and send data over the network. In a toolkit that processes prompts, URLs, and local media for a third-party API, that gap materially affects trust and reviewability.

Description-Behavior Mismatch

High
Category
MCP Tool Poisoning
Confidence
90%
Finding
The declared purpose does not accurately match the described functionality: undocumented video analysis, image-to-video generation, and status-checking expand the operational surface, while claimed image-to-image support appears unimplemented. Description-behavior mismatches are dangerous because reviewers and users may approve or invoke a skill under incorrect assumptions about what data it handles and what actions it can perform. Here, the hidden/omitted behaviors all involve external processing of user data and media, increasing the risk of unintended disclosure or misuse.

Description-Behavior Mismatch

Medium
Confidence
92%
Finding
The skill metadata emphasizes image/video generation and vision analysis, but the code also implements local video analysis by reading a local file, base64-encoding it, and sending the full contents to a remote API. This hidden capability creates a transparency and consent problem because users may not realize local files are being uploaded off-device.

Missing User Warnings

Medium
Confidence
97%
Finding
The skill explains API-key setup and output storage but does not clearly disclose that prompts, image URLs, local video files, and generated content are sent to the external Doubao/Volcengine ARK service. This is a genuine security and privacy issue because users may submit sensitive text or local media without understanding that third-party transmission and processing will occur. The risk is heightened because the skill explicitly supports local video analysis, so potentially private local files may be uploaded off-host.

Missing User Warnings

Medium
Confidence
97%
Finding
The analyze_video function reads an arbitrary local video file and transmits its entire contents to the remote chat/completions API without any warning, consent flow, or data-minimization controls. This can unexpectedly expose sensitive local media, including personal, proprietary, or regulated content, to a third party.

VirusTotal

64/64 vendors flagged this skill as clean.