Vozo Ai

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video and voice editing skill that sends user media and edit instructions to a disclosed external service, with some privacy and scope caveats but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending videos, audio, images, remote URLs, and editing instructions to mega-api-prod.nemovideo.ai. Avoid confidential or sensitive recordings unless you trust that service's privacy and retention practices, and review any existing NEMO_TOKEN or nemovideo config before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill advertises a narrow voiceover-editing use case, but the instructions expose a broader video-editing and media-composition capability set. This mismatch can mislead users and reviewers about what the skill can actually do, weakening informed consent and creating a larger-than-declared attack surface for remote processing actions.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest says the skill supports only a few local video formats, but the documented API accepts many additional media types and remote URL ingestion. Hidden support for broader file types and URL-based imports increases the risk of unexpected data exfiltration, SSRF-like backend fetch behavior, or user confusion about what content may be sent to the cloud service.

Vague Triggers

Medium
Confidence: 90%
Finding
Routing nearly all unmatched prompts to the SSE backend creates an overly broad execution path where arbitrary user input is forwarded to a remote service. This increases the chance of unintended actions, prompt-injection-style misuse, and operations outside the user's expected intent, especially because the backend appears to interpret free-form editing commands.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill does not clearly warn users that their uploaded media and editing instructions are sent to a cloud backend for processing. For a tool handling user videos and audio, this omission undermines informed consent and may expose sensitive personal, biometric, or confidential content to third-party processing without adequate notice.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill automatically acquires and uses an anonymous token when none is present, but this behavior is not clearly disclosed to the user. While this is not directly a code-execution risk, it can cause silent account or session creation and remote service use without the user's awareness, reducing transparency and trust.

VirusTotal

66/66 vendors flagged this skill as clean.
