ClawHub
Back to skill

Security audit

WayinVideo - Find Moments in the Video

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can send local videos, URLs, and search queries to an external service and stores task details locally without enough user-facing controls.

Install only if you are comfortable with Wayin receiving the videos, URLs, queries, and processing settings you provide. Avoid using it with private, regulated, or confidential media unless you have reviewed Wayin's handling and retention terms, and check where the skill stores task metadata locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def send_system_event(text):
    try:
        subprocess.run([
            "openclaw", "system", "event",
            "--text", text,
            "--mode", "now"
Confidence
92% confidence
Finding
subprocess.run([ "openclaw", "system", "event", "--text", text, "--mode", "now" ], check=True, capture_output=True, text=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill requires and instructs use of powerful capabilities—environment-variable access, local file reads/writes, shell execution, and network calls—yet does not declare permissions or provide explicit guardrails. This creates a transparency and policy-enforcement gap: an agent may invoke sensitive operations without users or the runtime having a clear chance to review or constrain them.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill performs behavior beyond simple polling by generating system-level events through an external CLI. This broadens the trust boundary and can surface remote/API-derived content as notifications, which is not strictly necessary to the core video-moment retrieval function and can be abused for noisy, deceptive, or manipulative host interactions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly tells the agent to upload local videos or content downloaded from unsupported URLs to a third-party API, but it does not require an explicit user-facing consent step or warning that the media will leave the local environment. Video files often contain sensitive visual, audio, and metadata content, so silent exfiltration to an external service is a meaningful privacy and compliance risk.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill directs the agent to use an API key from the environment to make authenticated requests to an external service, but it does not instruct the agent to warn the user about external authenticated actions or to avoid exposing the credential in logs/subagents. In context this is less severe than direct secret exfiltration, but it still increases the chance of mishandling credentials and making opaque third-party requests.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script transmits user-supplied video URLs, search queries, and optional language/export settings to a third-party API without any explicit user-facing disclosure at the point of execution. In a skill context, users may assume processing is local; undisclosed remote transmission can expose sensitive media references, internal URLs, or confidential search intent.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The script persists submitted task metadata, including the query, full submit payload, API endpoint, and project ID, to local disk by default without a clear warning to the user. Even if API keys are not written, the saved metadata can contain sensitive search terms, internal video URLs, project names, and language settings that may be exposed to other local users or accidentally committed/shared.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.