Tencent MPS Video Dubbing

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent Tencent Cloud video-dubbing helper, but it can upload local videos to cloud storage even during dry-run or unconfirmed runs.

Install only if you are comfortable with Tencent Cloud processing your selected videos. Use least-privilege Tencent credentials, prefer a dedicated skill-specific environment file, avoid broad shell profile credential loading, and do not use --local-file for dry-runs or unconfirmed previews unless you accept that the file may still be uploaded to COS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 85%
Finding
The script allows Tencent Cloud SecretId and SecretKey to be passed on the command line, which is unsafe because command-line arguments are commonly exposed via shell history, process listings, job logs, and orchestration metadata. In this skill context, handling cloud media assets is expected, but accepting long-lived credentials this way unnecessarily increases credential exposure risk beyond what is needed for a download helper.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The script automatically generates a 1-hour presigned GET URL for every uploaded object and later prints it to stdout. That expands access from internal bucket-based processing to bearer-token-style external read access, which is unnecessary for a video-dubbing upload helper and can expose private media if logs, terminals, or downstream systems capture the URL.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The script prints generic AIGC image/video parameters unrelated to the stated dedicated video-dubbing workflow, encouraging reuse of uploaded media across broader processing pipelines. In a narrowly scoped skill, this capability expansion increases the chance of unintended data sharing or misuse of user-provided media beyond the original purpose.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The loader reads configuration from the current working directory, ~/.env, ~/.bashrc, and ~/.profile instead of restricting itself to a skill-owned config source. This expands trust to unrelated files that may contain attacker-controlled values in shared or untrusted execution contexts, causing the skill to consume unintended credentials or endpoints.

Missing User Warnings

Medium
Confidence: 79%
Finding
The helper automatically uploads a local file to COS once invoked, using ambient credentials from environment variables, without any confirmation gate or stronger trust boundary. In an agent skill context, automatic remote transfer of a local path increases the risk of unintended disclosure of sensitive local files if a caller passes the wrong path or the capability is invoked unexpectedly.

Missing User Warnings

Medium
Confidence: 80%
Finding
This function downloads all discovered outputs and writes them into a local directory using cloud credentials, with only limited interface warning about the breadth of files that may be written. In an agent setting, automatic filesystem writes can cause unintended persistence of sensitive media artifacts, overwrite-adjacent clutter, or storage abuse when callers treat the module as a read-only status checker.

VirusTotal

VirusTotal findings are pending for this skill version.
