Ai Voiceover Generator Free

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it can send broad prompts and uploaded media to a remote video service with wider editing scope than the listing makes obvious.

Install only if you are comfortable sending scripts, prompts, uploaded media, and project state to Nemo Video's remote API. Avoid confidential or regulated content, keep NEMO_TOKEN private, and use explicit voiceover/upload/export commands while the skill is active.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest frames the skill as a narrow voiceover generator, while the body documents a much broader remote video editing, session management, upload, state inspection, and export pipeline. This mismatch can mislead users and host platforms about the actual capabilities and data flows, reducing informed consent and weakening review controls.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The skill advertises only MP4/MOV/TXT/DOCX in the manifest, but later claims support for many more media formats including audio and image files. This inconsistency can bypass user expectations and platform review assumptions, causing users to submit data types they did not realize would be accepted and processed remotely.

Vague Triggers

Medium
Confidence: 84%
Finding
The startup prompt guidance includes broad phrases like sharing text or saying what the user is thinking, which could activate the skill during ordinary conversation without clear user intent. In a skill that automatically connects to a remote API and may create sessions/tokens on first interaction, overly broad activation increases the chance of unintended data transmission and external service usage.

Vague Triggers

Medium
Confidence: 93%
Finding
The routing rule sends essentially every non-matching input to the SSE editing backend via a catch-all path. This creates excessive scope, making it easy for unrelated user messages to be forwarded to a remote service, which is especially risky because the skill supports session persistence and cloud processing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill repeatedly describes cloud/GPU processing but does not provide a clear upfront warning that user prompts, scripts, and uploaded files are transmitted to third-party remote services. This undermines informed consent and is more serious here because the skill handles potentially sensitive media, documents, and text content.

VirusTotal

64/64 vendors flagged this skill as clean.
