AI Influencer

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it asks users to trust a sensitive AI face/voice generation workflow while the included script only simulates success and does not create the promised media.

Review before installing. Only use it with images, scripts, and voice IDs you are authorized to use, assume a real implementation would send sensitive media to third-party services, use scoped API keys, and do not rely on the current script's success messages unless actual output files are verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill instructs the agent to access environment secrets and make external network calls, but it does not declare those permissions explicitly. That weakens reviewability and policy enforcement, making it easier for a user to trigger sensitive API usage or exfiltration paths without clear consent boundaries.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding: The skill advertises an automated pipeline for Gemini, ElevenLabs, and Kling AI, but the implementation only checks for API keys and prints simulated progress messages. This is dangerous because it can mislead users into believing media generation and external API actions occurred, causing false trust, wasted time, and potentially prompting users to provide sensitive credentials to a nonfunctional workflow.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: The CLI description claims the tool performs an 'Image + Audio -> Video' transformation, but the code does not do so. In a security context, deceptive capability claims increase risk because users may rely on nonexistent processing, assume files were created, or integrate the script into automated workflows that trust fabricated success states.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding: The invocation guidance uses broad trigger language such as 'generating an AI influencer video' or 'run the influencer pipeline' without clear authorization or safety constraints. In an agentic environment, vague triggers can cause accidental execution of networked actions that consume paid credits, process biometric/voice data, and send content to third-party services.

VirusTotal

66/66 vendors flagged this skill as clean.