Xeonupscale

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward video upscaling skill, with disclosed but real install-time supply-chain risks.

Install only if you trust the GitHub repository and the BtbN ffmpeg build source. Prefer cloning and reviewing the files over curl-to-bash, and avoid installing over an existing xeonupscale skill directory with local changes. When using it, specify exact input and output paths and prefer upscale.sh over direct ffmpeg commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exposes shell execution through allowed Bash tools and bundled binaries, but the static finding indicates those capabilities are not declared as permissions. This creates a mismatch between the skill's documented trust boundary and its actual execution power, making it easier for users or orchestration systems to invoke shell-based behavior without appropriate review or policy enforcement.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The installer fetches code from a user-supplied `REPO_URL` and downloads prebuilt ffmpeg binaries from the network during installation, introducing a supply-chain trust boundary not inherent to simple local video upscaling. While this behavior is plausibly functional for the skill, it is still security-relevant because it executes installation logic based on remote content without pinning commits, verifying checksums, or validating signatures.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README explicitly instructs users and agents to run installation methods that fetch and execute code from the network (`curl ... | bash`) and run a local installer that downloads additional binaries and modifies skill directories. This creates a supply-chain and arbitrary code execution risk: if the repository, referenced script, or upstream FFmpeg release path is compromised, the installer can execute attacker-controlled shell commands with the user's privileges.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally removes any existing destination path with `rm -rf` before recreating it as a symlink, with no confirmation or backup. If the destination already contains local changes or user-managed content, this can cause destructive data loss and can be abused if the destination path is not what the user expects.

VirusTotal

VirusTotal findings are pending for this skill version.
