ClawHub

Video Editing Software

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud-backed video editing assistant, but users should understand that prompts and selected media may be sent to NemoVideo’s backend.

Install only if you are comfortable with a third-party cloud video service handling your editing prompts, selected media, project state, and rendered outputs. Avoid uploading private or confidential footage unless you trust the provider, and keep any NEMO_TOKEN private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is presented as a guidance/coaching tool, but these instructions direct the agent to create tokens, establish backend sessions, and operate a remote cloud service. That creates a capability mismatch: users may believe they are only receiving advice while the agent actually initiates network actions and account/session activity, which can lead to undisclosed data handling and unauthorized external operations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The routing logic sends user requests into backend editing and export workflows instead of only generating instructional guidance. In the context of a skill marketed as software help, this materially expands the trust boundary and can cause the agent to perform actions on user content and remote systems without clear expectation or consent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill declares access to local environment variables and configuration paths to obtain service credentials and context, despite its stated role being editing-software guidance. Accessing local secrets and config broadens exposure unnecessarily and can leak sensitive tokens or metadata if the skill or its backend is misused or compromised.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The upload endpoint allows local files or remote URLs to be sent to an external backend, which exceeds what users would expect from a coaching/troubleshooting skill. This creates direct privacy and data-exfiltration risk, especially for unpublished footage, personal media, or URLs that may contain sensitive or internal content.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill performs actual rendering/export operations and returns downloadable output URLs, which is inconsistent with a guidance-only description. Exporting processed user media to third-party infrastructure can expose content, create unauthorized artifacts, and mislead users about where outputs are stored and who can access them.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup flow instructs automatic cloud connection and token acquisition but does not require a user-facing privacy notice explaining that requests, identifiers, and possibly future media/session data will be sent to an external service. This omission undermines informed consent and can lead users to unknowingly share data with a third party.

Missing User Warnings

High
Confidence
99% confidence
Finding
The upload workflow lacks any user-facing warning that files or URLs will be transmitted to an external backend for processing. In this skill context, that is especially dangerous because users are likely to share raw footage, drafts, and other sensitive media under the assumption they are only receiving editing advice.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal