Free Free Youtube

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-processing tool labeled as a YouTube downloader, but it can route broad prompts, URLs, files, and session state to a third-party backend.

Review before installing. Use it only for public or non-sensitive media and URLs, assume free-form video requests and uploads are sent to nemovideo.ai, avoid personal tokens unless you trust that service, and confirm you have rights to download or process the YouTube content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding:
The skill is presented as a simple YouTube downloader, but the implementation exposes a broader remote video-editing/rendering pipeline with session management, SSE messaging, uploads, exports, and state inspection. This mismatch can cause users and host systems to grant trust or permissions under narrower expectations than the skill actually needs, increasing the risk of unintended data transfer and misuse of a more capable backend.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The documented actions include general-purpose editing and rendering features that exceed the stated purpose of downloading YouTube videos. Excess capability increases attack surface and may allow the skill to process arbitrary user media or prompts in ways the user did not intend, especially when paired with broad routing rules.

Vague Triggers

Medium
Confidence: 86%
Finding:
The invocation text is broad enough that ordinary requests about videos or exports could activate the skill unexpectedly. Overbroad triggering can silently route user content, URLs, or files to the external backend without sufficiently specific intent, which is risky for privacy and consent.

Vague Triggers

High
Confidence: 95%
Finding:
The catch-all rule routes essentially any unmatched prompt into the SSE backend, creating an extremely permissive activation path. That means arbitrary user requests may be forwarded to a remote service for processing, expanding both data-exposure risk and the chance of unintended backend actions far beyond the advertised downloader purpose.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill instructs the agent to connect to a cloud backend, create tokens, maintain sessions, and upload user-provided links/files, but it does not clearly warn users that their content will be transmitted to a third-party service. This creates a meaningful transparency and privacy issue because users may believe processing is local or limited to simple downloading.

VirusTotal

59/59 vendors flagged this skill as clean.
