Upload video to AIOZ Stream

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real AIOZ/W3Stream video upload helper, but it also exposes broader account actions and weak secret-handling guidance that users should review before installing.

Install only if you are comfortable giving the agent AIOZ/W3Stream API credentials that may permit more than uploading. Use least-privilege or temporary keys if available, avoid placing secrets in shell commands or logs, and require explicit confirmation before any listing, updating, thumbnail replacement, or deletion of existing videos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The skill documentation broadens from upload-only behavior into general video-management actions, including thumbnail upload, metadata update, listing, and deletion. This unjustified expansion increases attack surface and can enable unintended account operations with the same provided API keys.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Documenting video deletion in an upload-focused skill is dangerous because it introduces a destructive operation unrelated to the primary task. With valid API keys, an agent following broad instructions could delete user assets unexpectedly or through prompt confusion.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The file metadata names the skill as "w3stream-video-upload" while the surrounding skill context describes an AIOZ Stream uploader, creating a service-target mismatch. This can mislead reviewers, operators, or downstream automation about which external platform receives uploaded videos, increasing the risk of accidental data disclosure, misuse of credentials, or approval of a skill under false assumptions.

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding
The script requires and handles both public and secret API keys for a capability unrelated to the stated upload-only purpose, increasing the exposure of sensitive credentials without clear necessity. Expanding credential use beyond the declared scope makes secret handling harder to reason about and raises the risk of unintended disclosure, misuse, or overprivileged execution in agent environments.

Missing User Warnings

Medium
Confidence: 96%
Finding
The README instructs users to pass the secret API key as a command-line argument, which can expose credentials through shell history, process listings, audit logs, and CI/CD job output. Because this skill is specifically for authenticated video upload operations, the documented usage directly encourages an unsafe handling pattern for live secrets rather than a hypothetical misuse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill asks users to provide a secret API key and states it will be sent on all HTTP calls, but gives no guidance on secure handling, storage, redaction, or minimization. This creates a meaningful secret-exposure risk through logs, transcripts, shell history, or accidental reuse in unrelated contexts.

Missing User Warnings

Medium
Confidence: 92%
Finding
A destructive delete operation is documented without warnings, confirmation steps, or safeguards. In an agent setting, omission of confirmation materially raises the chance of accidental or prompt-induced irreversible deletion of user content.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script sends a user-supplied public key and secret key as HTTP headers to an external service without any warning, validation, or visibility into where those credentials are going. In the context of an agent skill, this is sensitive because users may provide long-lived API secrets to a helper that silently exfiltrates them to a third-party endpoint, and the nonstandard domain increases supply-chain and endpoint trust concerns.

Missing User Warnings

Medium
Confidence: 94%
Finding
Passing the secret key as a positional command-line argument can expose it through shell history, process listings, audit logs, and job-control tooling visible to other local users. In an agent or automation context, this increases the chance of credential leakage beyond the intended script execution.

VirusTotal

64/64 vendors flagged this skill as clean.
