ark-video-storyboard

Security checks across malware telemetry and agentic risk

Overview

The skill largely matches a video storyboard and Ark video-generation purpose, but it adds under-scoped external delivery, persistent workflow logging, and a hard-coded ethnicity default that users should review before installing.

Install only if you are comfortable with generated prompts and reference-image-derived content being sent to Volcengine Ark, generated videos being saved under ~/.openclaw/media, and the final file potentially being sent through Feishu. Review or remove the default ethnicity rule before use if you need neutral or user-directed character representation, and avoid storing sensitive prompts or videos unless you have a cleanup plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares only storyboard/video-generation behavior, but its instructions require shell execution, environment variable access, and local file reads. That mismatch increases the risk of over-privileged execution and user-unexpected access to secrets or local filesystem data, especially when reading API keys and manipulating files under the user's home directory.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Updating a persistent workflow log in ~/.openclaw/workspace/WORKFLOW.md creates session persistence unrelated to the user's immediate storyboard or generation request. Persistent logging can expose user prompts, file paths, timestamps, or other activity metadata beyond what is necessary, creating privacy and data-retention risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill adds a Feishu file-delivery step that is not disclosed in the manifest purpose, expanding the skill from local/API video generation into external data transmission. Sending generated files and metadata to a third-party messaging channel can leak user content or create unexpected exfiltration paths if the user did not specifically request that delivery mechanism.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The reference explicitly instructs the skill to automatically download generated videos into the user's home directory, which adds persistent local file-write behavior beyond simply submitting generation jobs and returning results. This creates storage side effects, increases data-retention risk, and could surprise users who did not consent to local writes, especially when generated media may be sensitive or numerous.

Context-Inappropriate Capability

Low
Confidence
85% confidence
Finding
The documentation includes logic to retrieve API credentials from environment variables and local configuration files, which is an additional credential-access capability not clearly disclosed in the skill description. Even if common for API integrations, accessing secrets from multiple local sources expands the skill's effective privilege surface and should be explicitly declared and minimized.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The rule hard-codes a default ethnicity for all unspecified human characters, introducing demographic bias into generated outputs without user request or product necessity. In a storyboard/video-generation skill, this can systematically steer representation, produce unfair or exclusionary content, and create compliance and trust issues even if it is not a classic software exploit.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The schema hard-codes a protected-attribute default by stating that all human characters are East Asian unless explicitly specified otherwise. In a content-generation workflow, this creates biased outputs, overrides user intent by default, and can systematically encode discriminatory assumptions into generated storyboards and downstream prompts.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code hard-codes a demographic constraint, `All human characters are East Asian unless explicitly specified otherwise`, into every generated storyboard regardless of user intent or task requirements. This introduces an unrelated biased default into creative output, which can systematically shape prompts and downstream generated media in a discriminatory way and create fairness, compliance, and reputational risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is documented to automatically write downloaded videos under ~/.openclaw/media without a clear warning at execution time that local files and directories will be created. Silent filesystem writes can surprise users, consume disk space, and persist potentially sensitive generated content after the session ends.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documented fallback to environment variables and local config files for API keys lacks a clear user warning that the skill will access locally stored credentials. In an agent setting, undeclared credential access reduces transparency and can violate user expectations even when the credential is only used for the intended API.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
Defaulting unspecified characters to 'East Asian appearance' imposes a protected demographic attribute without consent, which is a clear bias issue in prompt construction. Because this skill is designed to generate repeated storyboard segments and prompts, the rule can propagate consistently biased outputs across many scenes, amplifying representational harm and increasing policy, reputational, and downstream misuse risk.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
Mandating Chinese for planning fields and English for prompts without user opt-in imposes a fixed language policy that may mis-handle user input, reduce accessibility, and cause unintended disclosure or transformation of content across languages. While not a direct code-execution issue, it is a policy and safety concern because it can degrade reliability and user control in a multilingual generation pipeline.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
This rule forces a specific ethnicity as the default character identity, which is a stronger form of the same bias issue because it directly governs generated character depiction unless the user intervenes. In a storyboard-to-video pipeline, this can propagate protected-attribute stereotyping into prompts, images, and video outputs at scale, making the skill materially more dangerous than a mere style preference.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
This finding is valid because the skill applies an ethnicity default to all human characters without consent, opt-in, or contextual necessity. In a storyboard/video-generation skill, that default can propagate into prompts and generated visual assets, causing biased or exclusionary outputs at scale even when the user never requested any ethnicity constraint.

Ssd 4

Medium
Confidence
95% confidence
Finding
Embedding a protected-attribute identity constraint as a normalized default institutionalizes biased character selection in the schema itself. Because this file is a reference schema for repeated use, the bias is likely to be replicated across many generations, making the skill context more dangerous due to consistency and scale.

VirusTotal

66/66 vendors flagged this skill as clean.
