Zencreator Video

Security checks across malware telemetry and agentic risk

Overview

This cloud video-editing skill is mostly coherent, but it automatically creates backend sessions and broadly routes prompts/media to an external service with limited user-facing control.

Install only if you are comfortable sending selected videos, audio, images, URLs, editing prompts, and render metadata to the Nemo Video cloud service. Prefer a dedicated NEMO_TOKEN, confirm before uploads or exports that may use credits or create cloud jobs, and avoid sensitive footage unless you trust the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability
Severity: Low | Confidence: 89%
Finding: The skill instructs the agent to obtain and use authentication tokens, including minting anonymous starter tokens and managing credit-related flows, which goes beyond basic video editing. This expands the skill's authority into account/resource access and can lead to unintended account creation, token handling, and consumption of backend credits without clear user consent.

Context-Inappropriate Capability
Severity: Low | Confidence: 82%
Finding: Exposing credit balance as a first-class action is not necessary for the core task of editing/exporting video and broadens the operational scope of the skill into account inspection. While lower severity than direct token acquisition, it still reveals account/resource state and encourages backend account interactions not clearly justified by the advertised functionality.

Vague Triggers
Severity: Medium | Confidence: 84%
Finding: The trigger guidance is broad enough that ordinary conversational phrases could activate the skill unexpectedly, increasing the chance that user media or prompts are sent to the backend without clear intent. In a skill that uploads files and uses tokens, overbroad activation materially raises privacy and authorization risk.

Vague Triggers
Severity: Medium | Confidence: 91%
Finding: The catch-all routing rule sends 'everything else' to the SSE backend, which can cause almost any prompt in context to be forwarded externally. This is dangerous because it creates a default exfiltration path for user text and possibly workflow state, especially when combined with automatic connection setup.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The skill describes cloud processing but does not clearly warn users that their uploaded media and prompts are transmitted to a third-party backend. Because the content may include sensitive video, audio, and embedded personal information, the lack of clear disclosure creates significant privacy and data-handling risk.

Missing User Warnings
Severity: Low | Confidence: 86%
Finding: The skill uses environment-backed credentials and session/token handling without warning the user that account-linked credentials may be exercised against the backend. This can surprise users and lead to unanticipated use of personal or workspace accounts, credits, and associated metadata.

Natural-Language Policy Violations
Severity: Medium | Confidence: 76%
Finding: Forcing the session language to English without asking the user can cause unintended transmission or transformation of multilingual content and degrades user control over processing context. This is primarily a consent and correctness issue rather than a direct exploit, but it can still affect privacy and output integrity.

VirusTotal

66/66 vendors flagged this skill as clean.