100Critical
This skill enables prompt injection against downstream AI,
Behavior Analysis
Description verified — behavior matches claim
Claims to do
agent-im 会话(生图 / 生视频): 通过 agent-im 的 OpenAPI 创建会话、发送消息(生图、生视频、编辑视频等)、上传图片/视频文件,并查询会话消息进展。
Actually does
This skill executes Python scripts to interact with the LibTV AI platform. It uses a `LIBTV_ACCESS_KEY` for authentication, uploads local image/video files to an OSS URL, sends messages to `https://im.liblib.tv` for AI generation/editing, queries session progress, and downloads generated media to local directories.
Skill Info
Namehaofanwang/libtv-skill
Registryclawhub
Version1.0.3
PURLpkg:clawhub/haofanwang/libtv-skill@1.0.3
Stars4
Downloads2,421
Installs15
Source
SHA-2567e8ffa94928c...
SHA-1c5e9703b2e1a...
MD58ccdb42d455b...
TLSH7a32fa2a4454...
ssdeep192:au0l9JkV...
Size11,469 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install haofanwang/libtv-skillAssessments (3)
AI Agent Traps ↗Prompt Injection Detectedcriticalprompt injection
DeBERTa classifier detected prompt injection (confidence: 1.00)
100% confidence
Arbitrary File Write via Download Output Directorycriticalcommand execution
The skill allows specifying an arbitrary output directory for downloaded files, which could lead to overwriting critical system files or placing malicious executables in sensitive locations.
100% confidenceline 108
python3 {baseDir}/scripts/download_results.py SESSION_ID --output-dir ~/Desktop/my_projectArbitrary URL Download Capabilitycriticalcommand execution
The skill can download content from arbitrary URLs, enabling the download of malicious payloads, potential Server-Side Request Forgery (SSRF), or resource abuse by downloading excessively large files.
100% confidenceline 114
python3 {baseDir}/scripts/download_results.py --urls URL1 URL2 URL3 --output-dir ./outputData Exfiltration via File Uploadhighdata exfiltration
The skill can upload local files to an external OSS. If an attacker can control the file path, sensitive local files could be exfiltrated, even with file type restrictions.
100% confidenceline 93
python3 {baseDir}/scripts/upload_file.py /path/to/image.pngPotential for Command Injection in Script Argumentsmediumcommand execution
The skill executes Python scripts with arguments derived from user input (e.g., message content, file paths). Lack of explicit sanitization could allow command injection if user input is directly passed to shell commands within the Python scripts.
80% confidenceline 58
python3 {baseDir}/scripts/create_session.py "生一个动漫视频"Relaying Unsanitized User Prompts to External APIlowprompt injection
The skill's core principle is to faithfully relay user prompts to the backend API without modification. This makes the skill a conduit for prompt injection attacks against the downstream LibTV AI system, rather than a direct vulnerability of the skill itself.
90% confidenceline 226
把用户的原始描述 + OSS URL 原封不动发给 `create_session.py`
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/haofanwang/libtv-skill)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/haofanwang/libtv-skill"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/haofanwang/libtv-skill.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/haofanwang/libtv-skill.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow