ClawHub

Unified Video Lyrics Online

Security checks across malware telemetry and agentic risk

Overview

This skill appears to send media and prompts to a NemoVideo cloud backend with broad editing authority that is not tightly scoped to its advertised lyric-sync purpose.

Review before installing. Use it only if you intend to send video/audio files, prompts, project state, and render jobs to NemoVideo's cloud service, and avoid private or sensitive media unless the publisher clarifies consent, retention, deletion, and narrower activation rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is marketed as a narrow lyric-sync tool, but the documented backend supports general-purpose remote video editing, upload, state inspection, and export workflows. This scope mismatch can mislead users and orchestrators into sending broader media-editing requests and sensitive files to a service with capabilities beyond the declared purpose, reducing informed consent and weakening least-privilege boundaries.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to obtain anonymous tokens and manage account credits, which expands it from media processing into credential acquisition and account lifecycle behavior. This is dangerous because it enables autonomous access provisioning against a third-party service and can create unauthorized usage, billing exposure, and abuse pathways unrelated to the user’s immediate lyric-sync request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation examples are broad and loosely phrased, making the skill easy to trigger for generic video-processing requests rather than a tightly scoped lyric-sync workflow. Overbroad activation increases the chance of accidental invocation, unintended file transfer to remote services, and misuse of a skill with hidden networked side effects.

Vague Triggers

High
Confidence
97% confidence
Finding
Routing 'Everything else' to the main SSE action creates an effectively catch-all trigger that can capture arbitrary user prompts and forward them to the remote backend. In context, this is especially risky because the skill supports uploads, session state, and rendering, so broad matching can lead to unintended processing of sensitive content or actions outside the user’s expectations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not prominently warn users that uploaded videos, audio, prompts, and session data are transmitted to a third-party backend for processing. This omission undermines informed consent and can expose sensitive media, personal data, or copyrighted content to remote services without adequate disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal