ClawHub

TSW Shorts Factory

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be real YouTube Shorts automation, but it needs review because the packaged code has under-disclosed account-upload behavior, hard-coded paths, and an embedded API key.

Review and modify this before installing. Replace the hard-coded Pexels key and /root paths with your own configuration, require the missing YouTube uploader code to be included and audited, confirm whether uploads are private or unlisted, protect or remove ~/.yt_token.pickle when not in use, and only enable cron after you are comfortable with unattended uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation instructs users to run shell commands, access local files, and make outbound network calls, yet no permissions are declared. This creates a transparency and consent problem: operators may invoke a skill with broader capabilities than expected, including reading local content, calling external APIs, and storing OAuth credentials.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The documentation is internally inconsistent: the skill metadata says uploads are created as drafts, but this file states uploads are unlisted by default. In an automation pipeline that publishes content to a real YouTube account, that mismatch can cause operators to expose videos to viewers without realizing it, leading to unintended public distribution of unreviewed or policy-violating content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill promotes scheduled automated execution and uploads to external services but does not clearly disclose recurring outbound data transfers, local caching, and credential persistence. In automation contexts, missing disclosure can lead users to unknowingly authorize repeated publishing activity and storage of media/token artifacts on disk.

Missing User Warnings

High
Confidence
99% confidence
Finding
A hardcoded Pexels API key is embedded directly in source code, which risks credential leakage through source control, logs, backups, or downstream redistribution of the skill. Anyone who obtains the file can reuse the key, consume quota, impersonate the application, or create unexpected billing/account abuse depending on the provider configuration.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script persists OAuth credentials to a predictable file in the user's home directory without setting restrictive file permissions or warning that the token grants YouTube upload access. If another local user, process, backup system, or malware can read that file, the account could be abused to upload content as the authorized user.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal