Video Audio

Security checks across malware telemetry and agentic risk

Overview

The skill appears useful for media processing, but it sends user media and broad edit prompts to a remote backend with broader capabilities than its stated purpose makes clear.

Install only if you are comfortable sending the relevant media and edit instructions to the remote service. Avoid using it with private, regulated, or confidential recordings unless the provider’s privacy, retention, and billing terms are acceptable, and prefer explicit confirmation before uploads or broad edit requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The skill is presented as a narrow audio-enhancement tool, but the documented routing and backend capabilities expose broader video editing and media generation behavior. This scope mismatch can mislead users into providing content under a narrower trust assumption than the skill actually requires, reducing informed consent and increasing the chance of unintended remote processing.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The listed supported formats and workflows extend beyond the declared use case of enhancing uploaded video audio, including image and audio-only export paths. This discrepancy broadens the effective attack and privacy surface because users and hosting platforms may approve the skill for one purpose while it can process materially different content types.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: Routing nearly all unmatched requests to the SSE action gives the remote backend broad authority over user prompts, including requests outside the advertised feature set. In this skill, that is more dangerous because the SSE path is tied to a general remote agent session, making unintended actions or data handling more likely when prompt classification is vague.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs the agent to automatically obtain a token and connect to a remote processing API on first interaction, before meaningful user consent or clear disclosure of remote data handling. Because this skill processes uploaded media, automatic setup can lead to silent credential issuance and transmission of potentially sensitive video/audio content to third-party infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.