ClawHub

Tiktok Free Youtube

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-processing connector that is mostly disclosed, but it is broader and more automatic than its TikTok-to-YouTube description suggests.

Install only if you are comfortable sending videos, prompts, metadata, and render/session state to mega-api-prod.nemovideo.ai. Avoid sensitive or proprietary footage unless you trust that service, and prefer explicit confirmation before uploads, non-conversion edits, exports, or credit-consuming actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest presents the skill as a narrow TikTok-to-YouTube converter, but the body documents a much broader cloud video editing and rendering system. This capability mismatch is security-relevant because it can cause users and host platforms to grant trust, permissions, and data access under false assumptions while the skill can perform substantially wider remote operations.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The documented actions expose generic media-generation and editing behavior beyond the stated purpose of watermark-free TikTok conversion. Broad, unjustified functionality increases attack surface and makes it easier to repurpose the skill for unintended remote processing tasks, especially when combined with flexible SSE-driven backend commands.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documentation explicitly enables multi-track composition, text overlays, audio editing, and iterative project refinement, which materially exceeds a simple converter role. In context, this hidden expansion of capability makes the skill more dangerous because users may unknowingly transmit richer media projects and prompts to a third-party backend than the advertised purpose suggests.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Routing 'everything else' to the SSE action is an overly broad trigger that effectively turns arbitrary user input into backend-directed operations. Because the SSE path appears to drive a general-purpose remote editing/chat workflow, this creates a prompt-injection and unintended-action surface where unrelated or ambiguous requests may be sent to the external service and acted on with minimal constraint.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs automatic connection to a remote backend, token acquisition, session creation, and subsequent media/request transmission without clear upfront notice or consent. This is dangerous because users may unknowingly upload videos, prompts, and metadata to a third party, creating privacy, compliance, and data-governance risks that are amplified by the skill's misleadingly narrow marketing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal