Security audit

Canvas Claw

Security checks across malware telemetry and agentic risk

Overview

Canvas Claw is a coherent AI media-generation helper, but users should treat prompts, media files, passwords, and generated tokens as sensitive when using its remote service integration.

Install only if you trust the configured AI-video-agent server. Avoid putting real passwords directly in shell commands, do not paste or log the printed token publicly, prefer HTTPS endpoints, and do not submit confidential prompts or local media unless that service is approved for the data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 92%
Finding
The installation guide shows a login command that passes a plaintext password directly on the command line. This exposes credentials through shell history, terminal logging, and potentially process listings visible to other local users or monitoring tools. In the context of a skill that connects to an API service, leaked credentials could enable unauthorized access to the backend or account misuse.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill documentation states that it sends generation tasks to an external AI-video-agent, but it does not clearly warn users that prompts, reference images, and login credentials may be transmitted off-host. This creates a privacy and secret-handling risk because sensitive user content or credentials could be sent to a remote service without informed consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The plan explicitly states that local media and prompts will be sent over HTTP to a remote AI-video-agent service, but it provides no user-facing disclosure, consent, or data-handling warning. Users may unknowingly upload sensitive local files or confidential prompts to an external service, creating privacy and compliance risk even if the transfer is functionally intended.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation introduces sensitive environment variables, including an API token, without guidance on secure storage, logging avoidance, or scope minimization. This can lead to accidental credential exposure in shell history, screenshots, debug output, or shared environments, enabling unauthorized use of the remote service.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script prints the extracted authentication token directly to stdout, which can expose credentials through terminal history, shell logs, CI/CD logs, process capture, or other monitoring systems. In this skill context, the token appears to grant access to the AI-video-agent service, so accidental disclosure could allow unauthorized use of the service under the victim's account or site.

VirusTotal

66/66 vendors flagged this skill as clean.
