Mosaic Video Editor

Security checks across malware telemetry and agentic risk

Overview

This Mosaic video-editing skill is mostly coherent, but it gives an agent power to persist an API key, change billing, and publish or delete social content without strong confirmation safeguards.

Install only if you trust the agent with a Mosaic API key and are comfortable with it operating your Mosaic account. Require explicit approval before storing the key, uploading sensitive media, using callback URLs, connecting or disconnecting social accounts, publishing/updating/deleting posts, upgrading plans, or enabling auto top-ups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Severity: Medium, confidence 84%

The skill description is broad enough to trigger on common requests involving posting content or account management, which can cause the agent to invoke a high-privilege integration in situations where the user did not clearly intend to use Mosaic. Because this skill can publish content, manage social accounts, and affect billing-related settings, overbroad routing increases the chance of unintended external actions.

Missing User Warnings

Severity: Medium, confidence 93%

The skill instructs the agent to ask for an API key and store it in the environment for future sessions without an explicit user-facing warning about persistence, scope, or sensitivity. This creates a credential-handling risk because users may unknowingly provide a long-lived secret that could be retained beyond the immediate task and reused in later contexts.

Missing User Warnings

Severity: Medium, confidence 89%

The node description states that Gemini analyzes the user's video, but it does not clearly warn that uploaded content is sent to a third-party AI service for analysis. This can cause users or downstream agents to process sensitive video data without informed consent, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Severity: Medium, confidence 93%

The workflow instructs the agent to perform plan upgrades and enable auto top-ups as part of an operational recovery flow, but it does not require an explicit billing-impact warning or renewed user confirmation immediately before each charge-affecting action. In an agent context, this creates a real risk of unauthorized purchases, surprise recurring charges, or overly broad implied consent, especially when the user originally asked only to continue a blocked run.

Missing User Warnings

Severity: Medium, confidence 88%

The workflow explicitly encourages use of a `callback_url` but provides no warning that run status or output metadata may be transmitted to an external endpoint controlled by the caller. In a skill that automates video workflows and account actions, this omission can lead agents to forward potentially sensitive run data to arbitrary third-party webhooks without user awareness or validation.

Missing User Warnings

Severity: Medium, confidence 95%

The workflow documents actions that can publish content publicly, disconnect linked social accounts, and delete posts, but it provides no warning about irreversible or externally visible effects. In an agent skill, this increases the risk that an autonomous system or inattentive operator triggers account-state changes or public posting without adequate confirmation or user consent.

VirusTotal

50/50 vendors flagged this skill as clean.