ClawHub

Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Remotion guide with disclosed install, render, troubleshooting, and optional cloud-deployment commands that fit its video-generation purpose.

Install if you want Remotion video-generation help. Before letting an agent run commands, review npm/npx installs, local renders, cleanup commands, and any AWS or Cloud Run deployment; use least-privilege cloud credentials and confirm the target account/project to avoid unwanted costs or resource changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly frames the AI as executing commands that create projects, render outputs, and deploy cloud infrastructure, but it does not warn about local system changes, network access, credential usage, or potential cloud costs. In an agentic environment, this can lead to unreviewed side effects such as package installation, file creation, service provisioning, or billable compute jobs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide recommends destructive commands such as removing node_modules/package-lock.json and later force-killing a process with kill -9, but does not include cautions about data loss, verifying the target, or safer alternatives. In a troubleshooting document, users often copy-paste commands verbatim, so omission of warnings can cause accidental deletion or termination of unrelated work.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The Lambda troubleshooting section suggests deployment actions, timeout changes, IAM permission checks, and site redeployment without warning that these operations affect cloud resources, billing, and account security posture. Users may execute them without understanding account-wide impact, potentially broadening permissions or creating unwanted cloud resources.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal