Byted Mediakit Tools

Security checks across malware telemetry and agentic risk

Overview

This media-processing skill appears legitimate, but it deserves review because it can send media URLs and prompts to external services and tells agents to persist API secrets locally.

Review before installing. Use this only for media and prompts you are comfortable sending to Volcengine/ARK services, avoid private or internal URLs unless authorized, and provide API keys through a secure secret manager or temporary environment rather than letting an agent write real secrets into a project .env file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding: The error text explicitly instructs an agent to obtain a user's secret and persist it into the repo-root `.env` or shell environment. In an agent-executed skill with `file_write` permission, this expands the skill from media processing into credential collection and storage, creating a real risk of unnecessary secret handling, persistence, and leakage through the repository or logs.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: These validation messages continue to direct callers to edit the repository `.env` or export API credentials, reinforcing unsafe credential-management behavior outside the stated media-processing purpose. In an agent setting, such guidance can cause secrets to be persisted locally in places with broader exposure than necessary.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The activation text is overly broad and says the host agent 'must' invoke this skill for a wide range of common media requests. That can override user intent and safer routing choices, causing unnecessary transmission of media URLs and task data to an external service even when a local or lower-privilege alternative would suffice.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill describes sending video URLs, audio URLs, prompts, and credentials to external Volcengine services but does not prominently disclose that user-provided media references and derived content will leave the host environment. This creates a privacy and data-governance risk, especially for private or signed URLs, internal media assets, or sensitive prompts attached to video-understanding requests.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill explicitly accepts arbitrary remote media URLs over HTTP/HTTPS but does not document any restrictions, validation requirements, or privacy/security implications of fetching third-party content. In a network-enabled media-processing skill, this can lead to server-side requests to attacker-controlled endpoints, unintended access to internal resources if URL handling is weak, and leakage of sensitive media to external services.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill documentation requires a user-provided video URL and states the video will be analyzed by a model service, but it does not explicitly warn that the referenced content will be transmitted to an external service for processing. This can cause users or calling agents to send sensitive or private media without informed consent, creating privacy, confidentiality, and compliance risk, especially because the skill has network access and is mandated for certain user requests.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The error message contains direct operational instructions for an agent to solicit secrets from the user and store them in `.env` or exported environment variables. Because this skill has file access and runs in an agent context, the behavior increases the chance of credential exfiltration, over-retention, and accidental inclusion in workspace artifacts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal