ClawHub

see-video

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it turns a user-provided video into a temporary frame grid for a multimodal model, with privacy awareness needed for sensitive videos.

Install only if you are comfortable sending extracted video frames to the multimodal model or platform your agent is using. Avoid sensitive, private, regulated, or third-party videos unless you have authorization and understand your provider's retention and logging policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes injecting extracted video frames directly into the LLM context but does not warn that frames may contain sensitive personal, confidential, or regulated data that will be exposed to the model and any connected platform handling the prompt. In a security-sensitive or enterprise setting, this omission can cause users to send private visual content to an external model or logging pipeline without informed consent or data-minimization safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The planned audio transcription feature mentions using local Whisper or an API but does not warn that audio content may be sent to a third-party transcription service, potentially exposing speech, PII, credentials, or confidential discussions. Because transcripts are then merged into model context, the absence of disclosure increases the risk of unintentional data exfiltration and broader propagation of sensitive content.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal