ClawHub

Huo15 Comic Script

Security checks across malware telemetry and agentic risk

Overview

The main script generator is coherent, but the package also includes under-disclosed paid media API helpers that can upload local media, call external services, and write generated files.

Review before installing. Use it only in a controlled project folder, provide ANTHROPIC_API_KEY only if you intend to use the fallback generator, and avoid exposing ARK_API_KEY unless you deliberately want the bundled paid media helpers available. The evidence does not show automatic exfiltration or destructive behavior, but the extra media API code is broader than the advertised skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises only a simple script-generation function, but the analyzer detected capabilities for environment access, file read/write, and network use without any declared permissions. Undeclared capabilities reduce transparency and reviewability, making it easier for a seemingly harmless content skill to access secrets, modify local files, or call external services unexpectedly.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This is a significant description-behavior mismatch: the skill claims to generate only a script JSON, but the detected behavior includes image/video generation, TTS, downloading artifacts, budgeting/charging logic, and multi-stage production checkpoints. Such hidden expansion of scope is dangerous because users and reviewers may authorize a low-risk writing tool while actually granting a much broader automation pipeline with network access, file writes, and potential cost-incurring operations.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The shared wrapper exposes image generation, video generation, downloading, and TTS features even though the declared skill is for comic-script JSON generation. This expands the skill's effective capability surface far beyond its stated purpose, increasing opportunities for unreviewed data exfiltration, remote content generation, and unexpected side effects.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Remote media generation and download are materially unrelated to a skill that is supposed to output a `script.json`. In this context, those functions create unnecessary network and file I/O capabilities that make the skill more dangerous because they enable off-scope transmission and persistence of user content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Local image paths are automatically read, base64-encoded, and sent to a remote API without any disclosure or consent mechanism in the wrapper. That can expose local files the user may not realize are being uploaded, which is especially concerning because the skill's stated purpose does not imply image upload behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The video submission method accepts local images and remote/local media references and sends them to an external generation API without any user-facing notice or permission gate. In a script-generation skill, this is unjustified data sharing and increases the chance that sensitive media is uploaded unexpectedly.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The TTS method transmits input text to a remote API and stores returned audio to disk without surfacing that external processing or local persistence to the user. If the text contains sensitive prompts, dialogue, or personal data, this can leak content and create unexpected artifacts on disk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal