ClawHub

Video Extractor

Security checks across malware telemetry and agentic risk

Overview

This video skill is not clearly malicious, but it can automatically create cloud sessions and route broad user prompts or media into a third-party processing backend without enough explicit consent.

Install only if you are comfortable sending videos, prompts, session metadata, and export jobs to the NemoVideo cloud service. Avoid using it with confidential, regulated, or personal media unless you have reviewed the provider’s privacy and retention terms, and confirm before any upload or export action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest markets the skill as simple highlight extraction, but the routing and action table expose broader editing/export behavior. This mismatch can mislead users and reviewers about the true operational scope, increasing the chance that users trigger cloud-side processing they did not reasonably expect.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documentation reveals a general-purpose cloud rendering and editing pipeline, including session creation, SSE chat-driven edits, uploads, state inspection, and export. That is materially broader than the advertised clip extraction use case and creates hidden data-processing and action surface area that users may not knowingly consent to.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction to start processing when the user merely shares files or says vague phrases like 'what you're thinking' is overly broad. Loose activation criteria can cause the skill to engage on ordinary conversation or file-sharing events, leading to unintended remote actions and transmission of user media.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The catch-all rule routing 'Everything else' to the SSE editing path creates effectively unbounded activation. This can transform unrelated user text into backend editing commands, increasing the risk of unexpected cloud processing, cost consumption, and privacy-impacting actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill performs automatic setup, obtains tokens, creates a remote session, and prepares for cloud video upload/processing without a clear privacy or data-transmission warning. Because user videos may contain sensitive personal or business content, silent or poorly disclosed transmission to a third-party service is a meaningful privacy and consent risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal