VN Skill for Windows

Security checks across malware telemetry and agentic risk

Overview

This Windows media-processing skill appears legitimate, but it can automatically install downloaded software and make network downloads without enough upfront consent or disclosure.

Review before installing. Use this only if you trust the publisher and the referenced release source, and require explicit confirmation before any install, upgrade, URL or attachment download, or large Whisper model download. Prefer manual CLI installation and verification on managed, offline, or privacy-sensitive Windows systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The skill advertises that processing is fully local with no cloud upload, but it also instructs the agent to download and execute an installer and later download Whisper model files from the internet. That discrepancy is security-relevant because users may rely on the privacy and offline implications of the claim, while the workflow silently introduces network access and remote code or artifact retrieval.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill says URLs and cloud files are not supported, yet later instructs the agent to download URL or attachment inputs into a local working directory and reuse cached copies. This inconsistency can cause the agent to handle remote content contrary to the stated boundary, expanding the trust surface to untrusted network content and persistent local caching.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The skill directs the agent to automatically copy and execute an installation script with ExecutionPolicy Bypass and to install or upgrade software without asking the user. This materially broadens the capability from media processing to arbitrary system modification, creating a path for silent software installation, supply-chain compromise, or execution of tampered local skill files.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The file states that processing runs locally and requires no cloud upload, but the auto-captions section explicitly says some Whisper models are downloaded on first use. While this is not remote execution or direct data exfiltration, it is a security-relevant transparency issue because users in restricted, offline, or high-sensitivity environments may rely on the claim to make trust decisions. In this skill context, the mismatch is more dangerous because the tool is marketed specifically as local/on-device media processing, so users may assume zero network activity.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The requirements section repeats a broad assurance that all processing is local and that no cloud upload or API key is required, but earlier sections document first-use model downloads for several engines. This inconsistency can mislead users and operators about whether the tool will make outbound connections, which matters for privacy, policy compliance, and use in air-gapped or controlled environments. The skill context increases risk because users are instructed to prefer this tool over alternatives for local processing.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The activation guidance includes broad phrases like 'edit video', 'process video', and 'trim audio', which can cause the skill to activate for generic or adjacent tasks outside its narrow, validated scope. Over-broad activation is dangerous in context because this skill can trigger installation and execution paths, so accidental routing can lead to unexpected software changes or file processing.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to perform install or upgrade actions automatically and only inform the user after deciding to modify the system. That is risky because it normalizes silent execution of setup scripts and weakens user awareness and consent around privileged or security-sensitive operations.

VirusTotal

66/66 vendors flagged this skill as clean.