ClawHub

TCM Video Factory

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it uses Perplexity to generate a local video production plan, with no evidence of hidden access, persistence, or destructive behavior.

Install only if you are comfortable using a Perplexity API key and sending the requested video topic and generated planning context to Perplexity. Use a dedicated API key where possible, avoid entering private or regulated health information, and review generated health claims before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

External Transmission

Medium
Category
Data Exfiltration
Content
throw new Error('Missing PERPLEXITY_API_KEY environment variable.');
  }

  const response = await fetch('https://api.perplexity.ai/chat/completions', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${apiKey}`,
Confidence
92% confidence
Finding
fetch('https://api.perplexity.ai/chat/completions', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
throw new Error('Missing PERPLEXITY_API_KEY environment variable.');
  }

  const response = await fetch('https://api.perplexity.ai/chat/completions', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${apiKey}`,
Confidence
92% confidence
Finding
https://api.perplexity.ai/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal