Douyin Video to Report (抖音视频转报告)

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised Douyin video report workflow, but it also bypasses platform checks, runs URL-influenced shell commands, and processes or shares media without enough user control.

Review before installing. Use only in an isolated environment and only with videos you have permission to process. Assume downloaded video, extracted audio, screenshots, transcripts, and reports may remain on disk or be handled by external CLI services; prefer a revised version with explicit consent prompts, narrow triggers, Douyin URL validation, safe subprocess argument lists, scoped permissions, and cleanup controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

WORKSPACE = "/home/gem/workspace/agent/workspace"

def run(cmd, timeout=60):
    # Flagged line: cmd is a single string built from user-supplied input and is
    # handed to /bin/sh, so shell metacharacters in a URL or filename are executed.
    r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
    return r.returncode, r.stdout, r.stderr

async def get_video_info(url):
    ...  # body not shown in the scan excerpt
Confidence
97% confidence
Finding
r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions even though it clearly instructs file access and shell execution via Python, curl, ffmpeg, and CLI tools. This is dangerous because it hides the skill's actual execution and data-handling capabilities from the host and user, reducing opportunities for consent, sandboxing, and policy enforcement.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases include common-language requests like '这个视频说了什么' ("what does this video say") and '总结这个视频' ("summarize this video"), which can activate a workflow that downloads content, transcribes it, and sends results externally. Overly broad triggers increase the chance of accidental invocation of a high-impact pipeline without clear, informed user intent.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill description advertises downloading user-provided video content, performing transcription, and sending an attachment to Feishu, but it does not warn about retention, third-party processing, copyright/privacy implications, or outbound transmission. This is dangerous because users may unknowingly cause sensitive or copyrighted content to be stored, processed by external tools, and delivered outside the current environment.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad, generic, and overlap with ordinary user requests such as asking what a video says or pasting a Douyin link. This can cause the skill to activate unintentionally and launch a high-risk automation pipeline that includes bypassing verification, downloading third-party content, transcription, HTML report generation, and external delivery to Feishu without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The script writes analysis results, which may include transcribed speech and extracted content, to a fixed workspace path without user confirmation. In an agent environment, silent persistence of potentially sensitive content can create privacy and data handling risks, especially if other tools or users can access that workspace.

Missing User Warnings

High
Confidence
89% confidence
Finding
The pipeline sends extracted audio and images to external CLI-based AI services for transcription and image analysis without explicit consent or disclosure. Because these inputs may contain personal, copyrighted, or confidential information, undisclosed transmission to external processors materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The generic shell execution helper is used with user-influenced inputs but provides no safety checks, warnings, or constraints. In an automation skill context, this makes exploitation more dangerous because untrusted URLs and filenames can reach shell execution paths across multiple commands.
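The two shell-related findings above (the `shell=True` helper and the unconstrained use of it with user-influenced URLs and filenames) point at the same fix the overview recommends: validate the Douyin URL, confine output paths to the workspace, and pass argument lists rather than command strings. The block below is an added illustration of that fix and is not code from the skill. The host allowlist, the curl flags, the file-stem rules and the hypothetical function names are assumptions chosen for the example; adjust them to what the skill actually needs.

```python
"""Hardened replacement for a shell=True download helper (added example)."""
import os
import re
import subprocess
from urllib.parse import urlsplit

# Same fixed workspace path as the scan excerpt.
WORKSPACE = "/home/gem/workspace/agent/workspace"

# Assumed allowlist of Douyin hosts; not taken from the skill.
ALLOWED_HOSTS = {"douyin.com", "www.douyin.com", "v.douyin.com",
                 "iesdouyin.com", "www.iesdouyin.com"}

# Allowed file stems: letters, digits, '_' and '-' only, so no '/', '..', spaces
# or shell metacharacters can enter a path.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
ALLOWED_EXT = {"mp4", "wav", "png"}


class RejectedUrl(ValueError):
    """Raised when the input does not look like a plain Douyin video link."""


def validate_douyin_url(url: str) -> str:
    """Return url unchanged if it is an https link to an allowlisted host, else raise.

    Because it must start with 'https://' it can never be read as a curl option,
    and the character check keeps whitespace and metacharacters out even though
    an argv list would not interpret them anyway.
    """
    url = url.strip()
    if len(url) > 2048:
        raise RejectedUrl("URL too long")
    if re.search(r"[\s;&|`$<>\"'\\]", url):
        raise RejectedUrl("unexpected characters in URL")
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        raise RejectedUrl("malformed port") from None
    if parts.scheme != "https":
        raise RejectedUrl("only https URLs are accepted")
    if parts.username or parts.password or port:
        raise RejectedUrl("userinfo and explicit ports are not accepted")
    if parts.hostname not in ALLOWED_HOSTS:
        raise RejectedUrl(f"host not allowed: {parts.hostname!r}")
    return url


def output_path_for(stem: str, ext: str = "mp4", workspace: str = WORKSPACE) -> str:
    """Build a download target inside workspace from an allowlisted stem.

    The resolved path is checked to still be under the workspace, which blocks
    '../' and absolute-path tricks even if the stem rule were loosened later.
    """
    if not SAFE_STEM.match(stem):
        raise ValueError("unsafe file stem")
    if ext not in ALLOWED_EXT:
        raise ValueError("unexpected extension")
    root = os.path.realpath(workspace)
    path = os.path.realpath(os.path.join(root, f"{stem}.{ext}"))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("path escapes workspace")
    return path


def build_download_argv(url: str, out_path: str, timeout: int = 60) -> list[str]:
    """curl invocation as a list: each element reaches curl verbatim, never a shell."""
    return ["curl", "--fail", "--silent", "--show-error", "--location",
            "--max-time", str(timeout), "--output", out_path, url]


def run_argv(argv: list[str], timeout: int = 60):
    """Replacement for the flagged run(): argv list, shell=False, explicit timeout."""
    r = subprocess.run(argv, shell=False, capture_output=True, text=True,
                       timeout=timeout, check=False)
    return r.returncode, r.stdout, r.stderr


def download_video(url: str, stem: str, timeout: int = 60):
    """Validate first; a rejected URL or stem raises before anything executes."""
    safe_url = validate_douyin_url(url)
    out = output_path_for(stem)
    return run_argv(build_download_argv(safe_url, out, timeout), timeout=timeout)


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError (RejectedUrl is one); used for self-checks."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

With this shape a URL such as `https://v.douyin.com/x; rm -rf ~` is refused at validation, and even an input that slipped through would be delivered to curl as one argument, not parsed by `/bin/sh`. The explicit `--output` path keeps downloads inside the workspace so later cleanup has a known location.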

VirusTotal

65/65 vendors flagged this skill as clean.
