Slideshow Video

Security checks across malware telemetry and agentic risk

Overview

The slideshow tool mostly does what it claims, but its quick-start points users to an unreviewed external setup that requires third-party API keys, and its file and network behavior (remote fetches, local caches, rendered outputs, shell execution) is neither declared nor scoped, so review it before use.

Review carefully before installing. Use only trusted project JSON files, set your own call-to-action (CTA) explicitly, avoid private/internal media URLs, and inspect generated caches and outputs. Do not follow the external GitHub/npm `.env` setup with real API keys unless you separately review that repository and protect the secrets from commits and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly describes capabilities that involve filesystem writes, reading local files, network access, and shell execution, but it does not declare permissions or present an explicit capability boundary. This creates a transparency and consent problem: users may invoke the skill without realizing it can download remote content, write build artifacts, and execute local tooling like Python and ffmpeg.

Description-Behavior Mismatch

Low
Confidence
88% confidence
Finding
The script explicitly allows --audio to be a remote URL, causing ffmpeg to fetch network resources during what appears to be a local media export workflow. In agent or automation environments, this can enable SSRF-style outbound requests, unexpected data egress, or access to internal-only endpoints if an attacker controls the audio source.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README encourages ingestion of external URLs and other remote content plus creation of rendered MP4 outputs, but it provides no warning about fetching untrusted data, processing potentially sensitive source material, or writing files to disk. In an agent context, this can lead users to supply private URLs or content without understanding that remote retrieval and local artifact creation may expose or retain sensitive data.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The quick-start instructs users to copy a .env file and add API keys for third-party services without any warning about secure secret storage, accidental commits, or provider-side data exposure. In practice, users commonly paste live credentials into local files and may later leak them via source control, logs, or shared environments.
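
One way to handle the copied `.env` so that the keys it holds do not end up in git or in logs. This is an added example, not code from the slideshow skill or from the GitHub/npm project its quick-start points to; the variable name `SPEECH_API_KEY`, the file layout and the logging setup are assumptions. The permission check refuses a group- or world-readable file, the parser is a deliberately minimal KEY=VALUE reader, and the logging filter masks any loaded value that would otherwise be printed by the export run.

```python
# Added example (not code from the slideshow skill or its upstream project):
# load API keys from a copied .env without letting them reach git or logs.
# Variable names and file layout are assumptions.
import logging
import os
import re
import stat

_ASSIGNMENT = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def parse_env_text(text):
    """Minimal KEY=VALUE parser: ignores blank lines and comments and strips one
    layer of matching quotes. Not a full dotenv implementation."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _ASSIGNMENT.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def mode_is_private(mode):
    """True when group and others have no permission bits (0600-style)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def gitignore_covers_env(gitignore_text):
    """Literal check that .gitignore lists the .env file (not a full gitignore matcher)."""
    patterns = {line.strip() for line in gitignore_text.splitlines()}
    return bool(patterns & {".env", "/.env", "**/.env", ".env*"})


class SecretRedactor(logging.Filter):
    """Logging filter that masks loaded secret values wherever they appear."""

    def __init__(self, secrets, min_len=8):
        super().__init__()
        # Short values such as "1" or "true" would mask unrelated text everywhere.
        self._secrets = sorted((s for s in secrets if len(s) >= min_len),
                               key=len, reverse=True)

    def redact(self, text):
        for secret in self._secrets:
            text = text.replace(secret, "****")
        return text

    def filter(self, record):
        record.msg = self.redact(record.getMessage())
        record.args = ()  # already interpolated by getMessage()
        return True


def load_env_file(path):
    """Refuse a group/world-readable .env, parse it, export it into os.environ,
    attach the redactor to the root logger's handlers (handler filters see
    propagated records, logger filters do not) and return the loaded key names."""
    if not mode_is_private(os.stat(path).st_mode):
        raise PermissionError(f"{path} is readable by other users; run chmod 600 on it")
    with open(path, encoding="utf-8") as fh:
        env = parse_env_text(fh.read())
    os.environ.update(env)
    redactor = SecretRedactor(env.values())
    for handler in logging.getLogger().handlers:
        handler.addFilter(redactor)
    return sorted(env)


if __name__ == "__main__":
    import tempfile
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    with tempfile.TemporaryDirectory() as tmp:
        env_path = os.path.join(tmp, ".env")
        with open(env_path, "w", encoding="utf-8") as fh:
            # Constructed sample; the key is not a real credential.
            fh.write("# sample\nSPEECH_API_KEY='sk-example-0123456789'\n")
        os.chmod(env_path, 0o600)
        print("loaded:", load_env_file(env_path))
        logging.getLogger("export").info("calling TTS with key %s",
                                         os.environ["SPEECH_API_KEY"])  # prints ****
```

Run `gitignore_covers_env` against the repository's `.gitignore` before the first commit; the redactor only protects Python logging output, so anything the external npm setup prints through its own tooling still needs a separate review.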

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill states that remote images are downloaded and cached automatically and that local files are generated, but it does not provide a clear user-facing warning at the point of use. Automatic network retrieval plus local writes can surprise users, expose IP/network metadata to third parties, and persist unreviewed content on disk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Accepting remote audio input means a normal export operation can silently trigger network access through ffmpeg. In the context of an agent skill that may run with local network reachability or privileged environment access, this increases risk because attackers can induce connections to arbitrary URLs without meaningful user awareness beyond help text.
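
The remote `--audio` findings above and the automatic image download finding describe the same exposure: a URL the user (or a tampered project file) supplies is handed to ffmpeg or a downloader, which then connects wherever it points. The check below is an added example, not code from the slideshow skill; it assumes the skill builds an ffmpeg command from an image list, an audio source and an output path, and the argument layout and `frames.txt` name are assumptions. It rejects non-http(s) schemes (ffmpeg also understands `file:`, `data:`, `concat:`, `tcp:` and more), embedded credentials, and hosts that are or resolve to loopback, private, link-local (169.254.169.254) or otherwise non-public addresses; it then places an ffmpeg protocol whitelist before each input so that a local path, or a playlist fetched from a remote one, cannot pivot to a protocol the caller did not intend.

```python
# Added example (not code from the slideshow skill or its upstream repository):
# guard user-supplied media URLs before they reach ffmpeg, and build the ffmpeg
# command with a per-input protocol whitelist. Argument layout is an assumption.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hostnames that never denote a public media host (constructed deny-list).
INTERNAL_HOST_SUFFIXES = (".internal", ".local", ".localhost")


def _resolve_with_dns(host):
    """Resolve a hostname to IP strings with the system resolver (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _literal_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _is_public_address(ip_text):
    """Reject loopback, RFC 1918, link-local, CGNAT, unspecified and multicast."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any zone id
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return ip.is_global and not ip.is_multicast


def check_media_url(url, resolve=_resolve_with_dns):
    """Return (ok, reason). `resolve` is injectable so the check can run offline."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    if host == "localhost" or host.endswith(INTERNAL_HOST_SUFFIXES):
        return False, f"host {host!r} is local/internal"
    try:
        addresses = [host] if _literal_ip(host) else resolve(host)
    except socket.gaierror as exc:
        return False, f"DNS failure for {host}: {exc}"
    if not addresses:
        return False, f"{host} did not resolve"
    for addr in addresses:
        if not _is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


def build_ffmpeg_argv(image_list, audio, output, resolve=_resolve_with_dns):
    """Assemble the export command. -protocol_whitelist is a per-input option,
    so each one is placed before the -i it governs."""
    if "://" in audio:
        ok, reason = check_media_url(audio, resolve)
        if not ok:
            raise ValueError(f"refusing remote audio {audio!r}: {reason}")
        audio_protocols = "file,http,https,tcp,tls"
    else:
        audio_protocols = "file"  # a local path must never turn into a fetch
    return [
        "ffmpeg", "-nostdin", "-hide_banner",
        # concat demuxer with safe=1 rejects absolute paths and protocol prefixes
        # inside the image list, so a tampered project file cannot read elsewhere.
        "-protocol_whitelist", "file", "-f", "concat", "-safe", "1", "-i", image_list,
        "-protocol_whitelist", audio_protocols, "-i", audio,
        "-c:v", "libx264", "-pix_fmt", "yuv420p", "-shortest", output,
    ]


if __name__ == "__main__":
    import shlex
    fake_public = lambda host: ["93.184.216.34"]  # offline stand-in for DNS
    for candidate in ("file:///etc/passwd",
                      "http://169.254.169.254/latest/meta-data/",
                      "https://cdn.example/narration.mp3"):
        print(candidate, check_media_url(candidate, resolve=fake_public))
    print(shlex.join(build_ffmpeg_argv("frames.txt", "narration.mp3", "out.mp4")))
```

The resolution check happens before ffmpeg resolves the name itself, so a DNS-rebinding host can pass the check and still point ffmpeg at an internal address; if that matters in your environment, route remote fetches through an egress proxy that enforces the same address policy at connect time rather than relying on this pre-check alone.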

VirusTotal

63/63 vendors reported this skill as clean.