ClawHub

doubao-media

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Doubao/Volcengine media generator; it uses an API key, sends prompts or image URLs to the provider, and saves generated media locally, with no evidence of hidden or destructive behavior.

Install only if you intend to use Volcengine ARK and are comfortable sending prompts and optional image URLs to that service. Keep ARK_API_KEY in the environment, avoid sensitive prompts or private image URLs, and expect generated media to be saved locally under ~/.openclaw/workspace/output. The advertised auto-send behavior should be treated as unreliable because the script appears to only print the saved file path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented behavior does not cleanly match the stated purpose: the skill also supports image-to-video, task-status polling, and local file storage, while the claimed 'auto-send to chat' behavior appears undocumented or unsubstantiated. This can mislead users about what data is stored, what external resources are contacted, and what content may be shared, undermining informed consent and safe use.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
Automatically sending generated media into a conversation is a data-sharing action that may expose sensitive prompts or generated content to other participants, logs, or downstream systems. Because the skill advertises this as a convenience feature without a prominent warning or consent boundary, users may unintentionally disclose material they expected to remain local.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Accepting an arbitrary image URL for image-to-video can cause the tool or provider to fetch external content, which may leak the user's IP/addressing metadata, disclose private URLs, or transmit sensitive images to a third party. Without warnings or restrictions, users may supply internal, signed, or confidential URLs and unintentionally expose them outside their trust boundary.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The skill silently stores generated media under a persistent workspace directory without informing the user at the point of use. In an agent/tooling context, unexpected local persistence can expose sensitive prompts or generated content to later sessions, other tools, or local users who can access that workspace.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal