free-kameo

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill mostly does what it says, but it handles credentials and personal images in ways users should review carefully before installing.

Install only if you are comfortable sending selected images and dialogue to Kameo, and to Google Gemini when using enhanced generation. Use your own API keys, do not use the bundled example key, avoid passing real passwords to register.sh, and consider avoiding generate_enhanced.sh/enhance_prompt.sh until the unsafe input interpolation is fixed. Delete or rotate ~/.config/kameo/credentials.json when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables, shell scripts, and network access, but no permissions are declared. This creates a transparency and consent problem: users may invoke a skill expecting simple local behavior while it actually reads secrets and communicates externally. In agent ecosystems, undeclared capabilities materially increase risk because they can bypass user expectations and policy controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated purpose is video generation, but the documentation also describes account registration, login/JWT handling, API-key creation, local credential storage, and third-party prompt enhancement. These are materially broader behaviors involving identity, secret handling, and external data transfer, which can surprise users and expand the attack surface beyond the declared function. Hidden or under-declared auxiliary capabilities are dangerous because they may collect credentials or transmit sensitive data without informed consent.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
Including registration helpers and JWT/API-key creation workflows goes beyond simple media generation and moves into credential lifecycle management. That increases risk because users may be prompted to create accounts or handle tokens without understanding the security implications, and such flows are often targeted for credential misuse or insecure storage.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script performs behavior beyond the declared Kameo-only scope by sending the user-provided image and dialogue to a separate Gemini-based prompt-enhancement step. This creates an undeclared data flow to another model/provider, which can expose sensitive images or text and violate user expectations, consent, or platform policy even if the feature is functionally useful.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This script performs account registration, login, API key issuance, and local credential persistence, which materially expands the skill's behavior beyond simple video generation. While these actions may support onboarding, bundling identity and credential lifecycle operations into the skill increases the attack surface and can surprise users by handling sensitive secrets.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The capability to create accounts and mint API keys is not obviously necessary for the stated purpose of generating talking-head videos from existing credentials. Even if intended for convenience, undisclosed credential-management behavior is security-relevant because it collects passwords, obtains bearer tokens, and creates long-lived secrets.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation exposes a real-looking API key in plaintext in both environment-variable and JSON examples. Even if it is a test key, publishing live-looking credentials normalizes unsafe secret handling, risks actual unauthorized use if valid, and may lead users to hardcode sensitive tokens into files or shell history.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description explains generation behavior but does not clearly warn that images and prompts are uploaded to an external API. This is dangerous because users may unknowingly transmit sensitive personal images, confidential text, or regulated data off-device under the mistaken assumption that processing is local.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill processes photos of people to generate animated talking-head videos, but it does not warn about biometric, likeness, consent, and impersonation risks. Such content can involve highly sensitive personal data and can be misused for deception or non-consensual manipulation, making omission of warnings materially risky.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation contains a real-looking Kameo API key embedded in setup examples and a curl command, encouraging users to copy and persist secret material directly from the repo. If valid, the key could be abused to consume credits, access account resources, or expose the owner to billing and service misuse; even if invalid, normalizing this pattern trains unsafe credential handling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The enhanced workflow sends user-supplied images, prompts, and authenticated requests to external services without warning users that personal images and text will leave the local environment. In a skill centered on avatar generation from photos, that omission is more dangerous because inputs often contain biometric or personally identifying content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends the full user-supplied image to the external Gemini API, but only prints a generic 'Analyzing image with Gemini...' message rather than obtaining explicit informed consent or clearly warning that image content will leave the local environment. Because this skill processes portraits/avatars, the transmitted data may include sensitive biometric or personal information, making undisclosed third-party transfer a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script prints the generated API key directly to stdout, which can expose the credential through terminal scrollback, shell logging, CI logs, screen sharing, or transcript capture. A leaked API key can allow unauthorized use of the user's Kameo account or billed resources until revoked.

External Transmission

Medium
Category
Data Exfiltration
Content
curl -H "X-API-Key: kam_..." https://api.kameo.chat/api/public/credits

# Generate video
curl -X POST https://api.kameo.chat/api/public/generate \
  -H "X-API-Key: kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs" \
  -H "Content-Type: application/json" \
  -d @request.json
Confidence
98% confidence
Finding
https://api.kameo.chat/

Credential Access

High
Category
Privilege Escalation
Content
# Or save to a config file
mkdir -p ~/.config/kameo
cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"
}
Confidence
97% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
export KAMEO_API_KEY="kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"

# Or save to a config file
mkdir -p ~/.config/kameo
cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"
Confidence
93% confidence
Finding
mkdir -p ~/.config/kameo cat > ~/.config

VirusTotal

64/64 vendors flagged this skill as clean.