VibeVideoIO AI Script to Video

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it uses real VibeVideo/Bollo account sessions and sends scripts to that service.

Install only if you are comfortable letting OpenClaw operate your bollo.video or vibevideo.io Studio account. Pick the site explicitly, avoid submitting sensitive scripts unless intended, and use --no-save or logout if you do not want the local session token retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

High (96% confidence)
Finding
The manifest advertises account-management capabilities such as access overview, sub-user management, and token-policy updates that go materially beyond the stated skill purpose of login, project listing, video creation, and logout. Even if not all are wired into the OpenClaw provider today, defining them in the capability catalog increases the chance of accidental exposure, future overbinding, or unauthorized invocation by another integration path.

Description-Behavior Mismatch

Medium (94% confidence)
Finding
The manifest includes generic tool-generation endpoints and a writable service-flag control unrelated to the described script-to-video workflow. This broadens the attack surface and creates confused-deputy risk, where an agent or future provider binding could trigger actions the user did not intend or that bypass product-level separation of duties.

Context-Inappropriate Capability

High (98% confidence)
Finding
Sub-user creation, update, and deletion are sensitive administrative actions with clear privilege and account-governance impact, and they are unjustified by the advertised user-facing function of making videos. In an agent context, exposing these capabilities is especially dangerous because natural-language requests can be misinterpreted or abused to alter account access for additional principals.

Context-Inappropriate Capability

High (97% confidence)
Finding
A service-flag mutation endpoint allows changing operational behavior and is not aligned with the skill's stated purpose. Exposing configuration toggles through an agent-facing manifest can let users or malicious prompts influence backend state in ways that affect availability, integrity, or rollout posture beyond their own content-generation task.

Vague Triggers

Medium (84% confidence)
Finding
Broad invocation language at the metadata level can cause the agent to select this skill for loosely related user requests, even when the user did not clearly ask to access third-party accounts or external video-generation services. In a skill that performs login and project operations, overbroad routing raises the chance of unnecessary credential handling, unintended actions, or user-confusing privilege escalation.

Vague Triggers

Medium (88% confidence)
Finding
The 'When To Use' section uses generic phrases like creating or generating an AI video without clear constraints, which can over-match many normal creative requests. Because this skill is connected to login-backed Studio operations, ambiguous activation criteria make unintended external service use more dangerous than in a purely local content-generation tool.

Natural-Language Policy Violations

Medium (90% confidence)
Finding
Routing users to a specific site based solely on language input creates implicit account and data-flow decisions without explicit consent. This is risky because the two domains may involve different accounts, privacy expectations, jurisdictions, or backend behavior, and the skill is designed to perform authenticated operations once routed.

Vague Triggers

Medium (90% confidence)
Finding
The default prompt includes very broad trigger phrases such as "create a video" and "make me a video," which can cause the skill to be invoked for generic video-related requests without clear user intent to use this specific external service. Because the skill can perform account login and project actions on bollo.video or vibevideo.io, overbroad invocation increases the risk of unintended account access, data exposure, or actions on the wrong platform.

Natural-Language Policy Violations

Medium (95% confidence)
Finding
The manifest instructs the agent to choose bollo.video for Chinese requests and vibevideo.io for English requests unless the user explicitly specifies a site, which makes a service-selection decision on the user's behalf. This can route users to an unintended domain, create privacy and consent issues, and lead to account actions or content submission on the wrong service without explicit opt-in.

Natural-Language Policy Violations

Medium (89% confidence)
Finding
The manifest description states that Chinese requests default to bollo.video and English requests default to vibevideo.io unless explicitly overridden, which implies routing users to different third-party services based on inferred language rather than explicit user choice. This can create privacy, consent, and expectation issues because users may be sent to a different service endpoint without clear opt-in, and language is an unreliable proxy for jurisdictional, trust, or account preference.

Vague Triggers

Medium (95% confidence)
Finding
The invocation rules are broad enough to match ordinary requests like 'make a video for me' or pasted scripts, which can trigger a high-impact skill that performs login and account actions on external services. In an agent environment, overbroad routing increases the chance of unintended activation, causing actions against third-party accounts without sufficiently explicit user intent for authentication, project access, or content submission.

Missing User Warnings

Medium (91% confidence)
Finding
The skill states that CAPTCHA images are saved locally and tokens are stored in a local session file, but it does not present this as a clear user-facing warning before login. This creates a privacy and credential-handling risk because users may not realize authentication artifacts and challenge images persist on disk beyond the immediate interaction.

Natural-Language Policy Violations

Medium (90% confidence)
Finding
Automatically selecting bollo.video or vibevideo.io based on detected language can send users to a different service domain than they intended without explicit consent. Because this skill performs authentication and content creation, silent site selection increases the risk of credential submission, data exposure, or account actions on the wrong platform.

VirusTotal

65/65 vendors flagged this skill as clean.
