Video Generator | 视频生成器

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate video-generation skill, but it needs review because its instructions can expose API keys and can lead the agent to use cloud services or run installs under overly broad conditions.

Review before installing. Use only the pinned, intended package/source after verifying it yourself, require explicit confirmation before any clone, install, generation, or cloud API call, and do not let the agent print .env contents. Use limited-scope API keys, watch provider billing, and avoid submitting confidential scripts unless the selected provider is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to clone and install a remote GitHub project before use, which expands the skill from documented guidance into software acquisition and execution of unpinned third-party code. This creates a supply-chain risk because the referenced repository or its dependencies could change over time and cause the agent to run unreviewed code on the host.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The agent usage section directs execution of local shell scripts and TypeScript entrypoints with user-provided script content, giving the skill operational authority beyond simple video-generation description. Even if the purpose is legitimate, instructing the agent to run shell commands and project scripts increases the attack surface because those scripts may perform additional actions or mishandle input.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to configure third-party OpenAI, Azure, Aliyun, and Tencent TTS/ASR services, but it does not disclose that script text, generated audio, and possibly transcript content will be sent to external cloud providers. In a text-to-video pipeline, users may process proprietary, personal, or confidential content, so omission of this data-flow warning can cause unintentional privacy and compliance exposure.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The README states that generated artifacts are written to fixed project paths such as audio/, src/scenes-data.ts, and out/ without warning that existing files may be modified or overwritten. This can lead to accidental loss of local work or unintended changes in a repository, especially when run in an existing project directory or automated environment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The auto-trigger criteria are broad enough to activate on ordinary discussion about videos or on any multi-sentence text resembling a script. Over-broad triggering can cause the agent to invoke this skill unexpectedly, leading to unnecessary command execution, external API usage, cost, and data disclosure without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that user script content is sent to OpenAI TTS and Whisper services but does not clearly foreground this as a privacy and data-sharing consequence at the point of use. Users may provide sensitive text expecting local processing, so silent transmission to third-party providers creates confidentiality and compliance risks.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill declares broad automatic triggers such as generic requests to make or generate a video, and also triggers on any text that merely looks like a script. In an agent ecosystem, this can cause the skill to be invoked unexpectedly, leading the agent to run local shell commands, use networked APIs, and incur cost or process sensitive user content without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example phrases are highly generic, including common requests like '帮我生成一个视频' and '我想要一个关于AI的短视频', which are likely to overlap with normal conversation. Because this skill's documented behavior includes executing repository scripts and CLI commands, overly generic examples increase the chance of unintended invocation, command execution, and unnecessary API usage.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill declares auto-trigger phrases like "video", "generate video", and "create video", which are broad enough to match routine conversation and cause unintended activation. In an agent context, overbroad triggering can lead to unprompted file creation, shell command execution, API usage, and external service calls without sufficiently explicit user intent.

Credential Access

High
Category
Privilege Escalation
Content
**Do**:
- Verify project exists before running
- Check .env configuration
- Show output file location

**Don't**:
Confidence
92% confidence
Finding
.env

Session Persistence

Medium
Category
Rogue Agent
Content
**Option 1: npm Global Install**
```bash
npm install -g openclaw-video-generator@1.6.2
export OPENAI_API_KEY="sk-..."  # Or add to ~/.bashrc
openclaw-video-generator --version
```
Confidence
84% confidence
Finding
add to ~/.bashrc

VirusTotal

64/64 vendors flagged this skill as clean.
