Hyperframes Video Studio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent video-building skill, with expected cautions around cached project data, selected-file ingestion, and optional network dependencies.

Install only if you are comfortable with a local video tool that caches selected file metadata and excerpts. Use narrow asset folders, avoid confidential narration with Edge-TTS unless you accept remote TTS processing, review or delete .cache after sensitive projects, and confirm the npm install only if you trust the Hyperframes package source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 85%
Finding
The docstring describes the script as checking or installing locally, but the install path actually performs a networked npm package fetch from an external source. In an agent/skill context, this can mislead operators into treating the action as a harmless local setup step when it introduces software supply-chain risk and executes package install scripts.

Intent-Code Divergence

Low
Confidence: 89%
Finding
The CLI help says installation should run only after user confirmation, but the code enforces no confirmation mechanism before performing npm install. In an agent setting, another component could invoke --install non-interactively, causing unapproved external downloads and execution of package installation behavior.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script builds and persists a manifest containing absolute file paths, hashes, MIME types, sizes, and extracted text excerpts from user-supplied files, but there is no consent gate, redaction, or minimization before writing that data to disk. In a skill context, this can unintentionally collect sensitive local data from arbitrary paths and leave it cached in .cache/assets, creating a confidentiality and privacy risk even though the code does not exfiltrate data itself.

Missing User Warnings

Low
Confidence: 80%
Finding
The script emits detailed host fingerprinting data, including OS version, machine architecture, Python version, load average, tool availability, and local paths, without any explicit consent or minimization. In a skill context, this can unnecessarily expose environmental details to logs or upstream consumers, which can aid reconnaissance or leak sensitive operational metadata.

Missing User Warnings

Medium
Confidence: 89%
Finding
When provider is auto or edge-tts, the code may send user-supplied narration text to a remote TTS service without any explicit disclosure or consent mechanism. In a skill context, prompts and generated content can contain sensitive business or personal data, so silent transmission to a third party creates a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The code writes a project JSON, an HTML render directory, and copies referenced assets into the output directory automatically during `build_project`, before any explicit user confirmation gate. Because the generated files include absolute source paths, asset metadata, manifest excerpts, and potentially embedded base64 asset contents, a user may unintentionally persist sensitive local data to disk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The generated HTML imports GSAP from a public CDN at runtime, causing outbound network access when the HTML is opened or rendered. This can leak usage metadata such as IP address, timing, and environment details, and it creates a supply-chain dependency on externally hosted script content for a locally generated project.

VirusTotal

66/66 vendors flagged this skill as clean.
