ClawHub

Zyt avatar

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Chanjing API helper for creating lip-sync avatar videos, with expected but sensitive handling of API credentials and uploaded media.

Install only if you trust Chanjing with the media, text, and generated video URLs involved in your task. Keep credentials in a private local file with restrictive permissions, do not paste secrets into shared chats or logs, and keep CHANJING_API_BASE pointed at https://open-api.chanjing.cc unless you deliberately trust another endpoint. Be aware that some helper scripts documented by the skill are not present in this artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'req' from os.environ.get (line 67, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))
Confidence
92% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill uploads local video and audio assets to a third-party API, but the description does not clearly warn that local media leaves the user's machine and is transmitted to an external service. This creates privacy and compliance risk because users may provide sensitive media without informed consent.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill instructs users to store app_id and secret_key in a local credentials file but does not include clear secret-handling guidance. Without warnings about file permissions, redaction, and avoiding disclosure in logs or prompts, users may expose credentials inadvertently.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal