Video Content Analyzer (Batch)

Security checks across malware telemetry and agentic risk

Overview

The main video-analysis workflow is plausible, but the package needs review because it includes unrelated agent/watch/browser instructions and uses powerful database and publishing credentials with limited user controls.

Review before installing. Use only non-sensitive test videos first, provide least-privilege Supabase and Feishu credentials, verify the target wiki space, and remove or ignore the unrelated heartbeat, memory, and nested browser-skill files unless you explicitly want those agent behaviors included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises meaningful access to environment variables, local files, and networked services, but it does not declare permissions explicitly. This weakens user and platform visibility into what the skill can access, making it easier for a user to invoke a workflow that reads local media, uses privileged credentials, and sends data externally without clear consent boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior understates the actual data handling: beyond analysis and publishing, the skill stores records in Supabase, writes extracted frames locally, tracks batch-job state, and persists publication metadata. That mismatch is security-relevant because users may not realize their videos, derived images, metadata, and URLs are being retained across multiple storage systems, increasing privacy, compliance, and data-exposure risk.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The heartbeat defines a persistent watch on an incoming workspace directory and directs the agent to maintain dealdesk review tracker and summary files, which is unrelated to the declared video-content analysis purpose. This kind of scope mismatch is dangerous because it can repurpose the skill into monitoring and modifying business workflow artifacts, enabling covert data access, unauthorized process manipulation, or hidden persistence under an innocuous skill name.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Continuous directory watching and workflow-tracker maintenance create an always-on behavior that exceeds the expected boundaries of a video analysis skill. Even without explicit code execution, this introduces unauthorized monitoring and ongoing file modification capabilities that could be used to surveil incoming documents, alter review status artifacts, or conceal non-video operational behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises automatic web search, Supabase storage, and Feishu Wiki publishing, but it does not clearly warn users that video-derived content and metadata may be transmitted to third-party services. In a workflow that processes potentially sensitive video material, this omission can lead users to unknowingly exfiltrate confidential data, screenshots, OCR output, or identifiers to external systems.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description says it searches the web, stores results, and publishes reports, but it does not clearly warn that video-derived content and metadata may be sent to external services and third-party platforms. In a video-analysis context, frames can contain sensitive visual data, and silent transfer or publication materially raises confidentiality and privacy risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The environment section lists highly sensitive credentials, including a Supabase service role key and Feishu secrets, without warning about their privileged nature or safe operational handling. That is dangerous because operators may supply overprivileged secrets casually, increasing the blast radius if the skill is misused, logged improperly, or combined with undeclared network capabilities.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly demonstrates saving and loading browser authentication state (`auth.json`, `admin-auth.json`, `user-auth.json`) without any warning that these files may contain reusable cookies, tokens, and local/session storage artifacts. In an agent context, this encourages insecure handling of credential material that could be copied, persisted, or exfiltrated, enabling account takeover or unauthorized reuse of authenticated sessions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill advertises direct access to cookies and localStorage operations without any caution about the sensitivity of browser data. In a headless automation skill used by agents, these capabilities can expose session identifiers, CSRF tokens, and other secrets, making accidental leakage or intentional misuse significantly easier.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The workflow publishes analyzed video-derived content to Feishu Wiki as a default core step, but the code shows no consent gate, warning, classification check, or policy control before external transmission. In a video-analysis skill, extracted frames, metadata, and search-derived summaries may contain sensitive or proprietary information, so silent publication increases the risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
User-derived image descriptions are embedded into search queries and sent to Google, which transfers potentially sensitive content from local video analysis to a third-party service. In a video-content analyzer, extracted descriptions may contain personal, confidential, or regulated information, making undisclosed outbound transmission a meaningful privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.
