Automatic Music Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives a third-party video service broad cloud editing and upload authority beyond the narrow music-generator framing.

Review before installing. Use this only if you trust Nemovideo with the videos, audio, images, prompts, and account token involved. Prefer explicit confirmation before any upload, edit, export, or use of an existing NEMO_TOKEN, especially for private or commercial media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The skill is presented as an automatic music generator, but the documentation exposes a broader cloud video editing and rendering pipeline with upload, state inspection, SSE editing, and export capabilities. This scope expansion can cause unintended invocation and data handling beyond user expectations, increasing the chance that users send additional media or perform broader remote operations without informed consent.

Description-Behavior Mismatch

Low (84% confidence)
Finding
The manifest markets the skill as accepting only common video inputs up to 500MB, while the body documents support for many other formats including images and audio. This mismatch can mislead users and host systems about what data types may be uploaded to the external service, weakening policy enforcement and user consent.

Vague Triggers

Medium (90% confidence)
Finding
The routing rules include a broad catch-all that sends nearly any related editing request to the SSE backend, which risks over-invocation and accidental transmission of user prompts and possibly attached content to a third-party service. In a skill that performs remote processing, overly broad triggers increase the chance of unintended activation and data exposure.

Missing User Warnings

Medium (97% confidence)
Finding
The getting-started flow instructs the agent to automatically connect to an external processing API and later upload videos and prompts, but it does not clearly warn users that their content is sent to a cloud service. This creates a privacy and consent issue, especially because video files and free-form prompts may contain sensitive or proprietary material.

Missing User Warnings

Low (85% confidence)
Finding
The metadata declares use of the NEMO_TOKEN environment variable without any user-facing explanation that an existing credential may be consumed automatically. Silent use of ambient credentials can surprise users and may bind actions to a paid or privileged account without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.
