ClawHub

Video Free

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-editing skill, but it needs Review because it encourages watermark/subscription bypass language and sends broad user input and media to a third-party backend.

Install only if you are comfortable sending video files, prompts, URLs, and related metadata to nemovideo.ai. Do not use it for confidential recordings or to remove/bypass watermarks, subscriptions, or access restrictions, and prefer a version that clearly asks for consent before upload and limits use to media you own or are authorized to edit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The routing table sends essentially all unmatched prompts to the SSE backend, which means arbitrary user text is forwarded to a remote service with broad edit/execution semantics. In this skill, that increases the chance of unintended actions, data disclosure to the cloud backend, and abuse of a highly permissive command channel rather than constraining behavior to narrowly defined operations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill asks users to upload video clips and states that processing happens on a cloud backend, but it does not present a clear, upfront privacy warning at the point of collection. Users may unknowingly send potentially sensitive media and metadata to a third-party service, creating privacy, compliance, and consent risks.

Ssd 4

Medium
Confidence
95% confidence
Finding
The skill repeatedly normalizes "edit and export ... without a watermark for free" and similar phrasing about avoiding paid subscriptions, which steers the agent toward facilitating circumvention of watermarking and paywall-style restrictions. In context, this is not incidental wording: it is central marketing language that encourages potentially unauthorized removal of usage restrictions and makes abuse more likely.

Ssd 2

Medium
Confidence
93% confidence
Finding
The phrase "without watermarks or paid subscriptions" is a euphemistic restatement of bypassing product restrictions, which can evade simple abuse-pattern filters while still conveying the same prohibited outcome. Because this skill is explicitly about processing media through a backend service, such wording materially raises the risk that the agent will assist with unauthorized circumvention at scale.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal