Send Video Message

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it creates Runway AI-avatar videos from user-provided text and avatar choices, with disclosed external API use and local avatar reuse.

Install only if you are comfortable sending the spoken text, avatar image, and any generated portrait prompt to Runway under your API key. Avoid using it for confidential incident details, private code review content, or personal images unless Runway is approved for that data. Set RUNWAY_API_SECRET securely, monitor Runway usage or billing, choose the voice explicitly when needed, and delete ~/.openclaw/runway-avatar.json if you do not want future videos to reuse the saved avatar.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill clearly requires sensitive capabilities including network access, shell execution, environment secret access, and local file read/write, yet it declares no permissions. That creates a transparency and policy-enforcement gap: a host may allow or auto-invoke the skill without surfacing that it can exfiltrate user text, use API keys, write persistent state, or invoke local binaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The description says the skill sends a video message, but the documented behavior also includes creating avatars, generating portrait images from text prompts, persisting avatar identifiers across sessions, and re-encoding media locally. This mismatch can mislead users and orchestrators about the real scope of data processing and side effects, reducing informed consent and making unintended persistence or external uploads more likely.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The user-facing description is broad enough to overlap with many generic communication requests, increasing the chance of accidental or over-broad invocation. Because this skill sends data to an external service and writes files, ambiguous triggering expands the attack surface for unintentional disclosure or unnecessary execution.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The guidance says to use the skill for broad categories like updates, reviews, incident summaries, and onboarding, without strict activation boundaries. In a multi-skill environment this can cause the agent to choose a networked media-generation workflow when a plain text response would suffice, unnecessarily exposing content to third parties.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The instructions require choosing a voice based on perceived gender or appearance of the avatar rather than user preference. This is unsafe from a product and trust perspective because it encourages inference about sensitive attributes and can produce offensive or non-consensual outputs, especially when creating custom avatars from user images or descriptions.

Session Persistence

Medium
Category
Rogue Agent
Content
### Get a Runway API Key

1. Go to [dev.runwayml.com](https://dev.runwayml.com)
2. Create an account and get an API key
3. Set it: `export RUNWAY_API_SECRET=your_key`

## One-Time Setup: Create Your Avatar
Confidence
90% confidence
Finding
Create an account and get an API key 3. Set it: `export RUNWAY_API_SECRET=your_key` ## One-Time Setup: Create Your Avatar Before generating videos, create a **custom** avatar (face image + Runway).

VirusTotal

67/67 vendors flagged this skill as clean.
