ClawHub

Huo15 Comic Edit

Security checks across malware telemetry and agentic risk

Overview

The advertised video-editing command is local, but the package also includes undisclosed cloud AI helpers that can use API credentials and send prompts or media to external services if invoked.

Install only if you are comfortable with the package containing unused remote AI code alongside the local FFmpeg editor. Use the documented edit.py workflow with intended project directories, keep ARK_API_KEY unset unless you intentionally want the cloud helpers used, and prefer a revised version that removes or clearly documents the external API functionality.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The module exposes image generation, video generation, download, and TTS capabilities that substantially exceed the manifest's described FFmpeg-only local compositing scope. This hidden expansion of capability increases the attack surface, enables undisclosed external data transfer, and may let a supposedly local-only skill invoke remote AI services and create files without informed user consent.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code pulls API credentials from the environment and establishes outbound access to external AI endpoints even though the skill is presented as a local FFmpeg composition tool. In this context, that mismatch is security-relevant because users may provide local media assuming no external transmission, while the skill can silently upload content and use privileged credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
_image_to_data_uri reads local image files and converts them for inclusion in remote API requests, creating a direct path for local media exfiltration. In a skill advertised for local FFmpeg post-processing, silently uploading local files is especially dangerous because users are less likely to expect or authorize that transfer.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The video submission path sends prompts and referenced audio/video resources to a remote service without any visible user-facing notice in this wrapper. That creates a privacy and data-governance risk, particularly because the skill's stated purpose suggests local FFmpeg composition rather than cloud processing.

External Transmission

Medium
Category
Data Exfiltration
Content
"size": size,
            "watermark": False,
        }
        resp = requests.post(
            f"{self.base_url}/images/generations",
            headers=self.headers,
            json=body,
Confidence
93% confidence
Finding
requests.post( f"{self.base_url}/images/generations", headers=self.headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
if seed is not None:
            body["seed"] = seed

        resp = requests.post(
            f"{self.base_url}/contents/generations/tasks",
            headers=self.headers,
            json=body,
Confidence
94% confidence
Finding
requests.post( f"{self.base_url}/contents/generations/tasks", headers=self.headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
if emotion:
            body["emotion"] = emotion

        resp = requests.post(
            f"{self.base_url}/audio/speech",
            headers=self.headers,
            json=body,
Confidence
90% confidence
Finding
requests.post( f"{self.base_url}/audio/speech", headers=self.headers, json=

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal