ClawHub

Nano Banana Editing Video

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-editing skill that sends user-provided clips and edit prompts to NemoVideo, which matches its stated purpose but has privacy implications.

Install only if you are comfortable sending selected media, URLs, edit prompts, and render metadata to NemoVideo's cloud service. Avoid confidential, sensitive, copyrighted, or location-revealing clips unless you have reviewed the provider's privacy, retention, and deletion terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The routing table sends all unmatched prompts to the SSE editing action, which can cause ordinary conversational input or ambiguous requests to be forwarded to a remote backend. In this skill, that backend can trigger stateful editing operations and cloud processing, so overbroad intent matching increases the risk of unintended external actions, surprise data processing, and accidental spend or session mutations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs users to upload local video files or provide remote URLs to a third-party API, but it does not present a clear privacy notice, retention policy, or warning that media and linked content will leave the local environment. Because video clips may contain faces, voices, location metadata, or other sensitive content, silent transfer to a cloud service creates a meaningful privacy and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal