Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
STH Video Template Generation
v2.0.0
Generate vertical 9:16 videos for Sing The Hook song templates using a two-stage pipeline with MCP, trimming, uploading to GCS, and database updates.
by Yin Zhu (@zhuyinzhuyin)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to generate STH videos via MCP and upload to GCS (consistent with included scripts). However the registry metadata lists no required env vars/binaries while SKILL.md requires many sensitive values (DB host/credentials, MCP endpoint & API key, GCS key path). Worse: the Python code largely uses hardcoded DB/MCP configuration constants (localhost/dev_mobile/openclaw and MCP endpoint) rather than reading the SKILL.md-listed STH_* environment variables — a direct mismatch that is not explained and may cause the skill to act on local resources unexpectedly.
Instruction Scope
SKILL.md gives a narrow runtime flow (ask for CSV, run sth_video_generator.py). The actual code goes beyond that: it runs psql, curl, ffprobe/ffmpeg, downloads audio to temp files, writes logs and state files in the skill and /root/.openclaw/media paths, polls external MCP endpoints, and updates a database table. The SKILL.md does not document some hardcoded file paths (e.g., /root/.openclaw/media/inbound) or the precise behavior of the background polling and file writes. The instructions also ask for env vars that the code doesn't appear to read, meaning the runtime behavior may rely on hardcoded defaults instead of provided secrets.
Install Mechanism
No install spec is provided (instruction-only), which lowers supply-chain risk. The SKILL.md recommends installing google-cloud-storage and requires ffmpeg/psql/curl to be present on host. Because the code is included in the bundle (not downloaded at runtime) there's no remote arbitrary download, but the skill depends on system binaries and a Python package; the skill will call external binaries (curl/psql/ffprobe/ffmpeg) and the google-cloud library, so you must ensure those are installed in a controlled environment.
Credentials
SKILL.md requests many sensitive environment variables (DB host/port/name/user/password, MCP endpoint/api key, GCS service-account path). That is proportionate for the declared pipeline — except the code does not actually read those STH_* env vars and instead uses hardcoded DB_CONFIG/MCP_CONFIG values. This mismatch is concerning: either the SKILL.md is out of date or the code will ignore user-provided credentials and act on local defaults (localhost DB, empty DB password, hardcoded MCP endpoint). Requesting a GCS key file path and an MCP API key is expected for uploads, but you must confirm the code will use the credentials you provide rather than ignoring them.
Persistence & Privilege
The skill is not always-enabled and does not ask for platform-level privileges. It writes state and log files inside its skill directory (raw_video_urls.json, logs, pending_notifications.txt) and accesses files under /root/.openclaw/media/inbound in several scripts. It also spawns long-polling loops (poll_video_job) that can run for many minutes. Allowing autonomous invocation plus DB write capability increases blast radius; while autonomous invocation is normal, combined with database updates and external network calls this merits careful credential and environment controls.
What to consider before installing
Key points to verify before installing or running:
- Mismatched declarations: The registry says "no env vars" but SKILL.md asks for many sensitive variables (DB creds, MCP API key, GCS key path). Ask the author which is authoritative. Do not hand over secrets until you confirm the code will use them correctly.
- Code vs env: Inspect/modify the code to ensure DB/MCP/GCS configuration is read from secure environment variables (or a config file) rather than using hardcoded defaults (the current DB_CONFIG and MCP_CONFIG are hardcoded). If you expect it to use STH_DB_* / STH_MCP_* variables, confirm the code reads os.environ for those keys.
- Run in an isolated sandbox: Because the scripts will execute psql, curl, ffmpeg/ffprobe and update a PostgreSQL table, test the skill in a throwaway environment (or with a read-only test DB and fake MCP credentials) before providing production credentials.
- Verify external endpoints and credentials: The code targets an external MCP endpoint (https://kansas3.8glabs.com/mcp). Confirm that endpoint is trusted and that the MCP API key will be scoped/rotated appropriately. The skill also uploads to GCS — prefer a service account with minimal permissions (only the target bucket) and avoid broad-scoped keys.
- File paths and data exposure: The scripts reference /root/.openclaw/media/inbound and write logs and state under the skill directory. Ensure those paths are acceptable and contain no sensitive data you don't want processed. Consider running with a limited filesystem view.
- Review and harden: If you plan to use this, update the code to read credentials from environment variables, validate/escape template IDs before building SQL, and limit polling durations/worker counts. Remove or document any behavior that writes notifications or uses Telegram.
If you cannot confirm these items with the author, treat the skill as untrusted and avoid supplying real DB or cloud credentials.
Like a lobster shell, security has layers — review code before you run it.
