ClawHub

Ai Video Editor Creator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate cloud video-editing skill, but it can automatically create remote sessions and send broad user prompts and uploaded videos to NemoVideo with weak intent boundaries.

Review before installing. Use it only for videos and editing instructions you are comfortable sending to NemoVideo's cloud service, and prefer explicit confirmation before token creation, upload, session creation, or forwarding unmatched prompts to the SSE backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The startup prompt invites users to 'share your raw video footage' or 'tell me what you're thinking,' which is broad enough to trigger the skill from vague conversation rather than clear editing intent. In an agent environment, overly permissive invocation text can cause unintended routing to a skill that uploads media to a remote service, increasing the chance of accidental data transfer or action execution.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The example trigger 'create my raw video footage' is ambiguous and could match unrelated user requests involving creation, media, or drafts without a clear request to edit/upload/export a video. Because this skill provisions tokens and sends content to a cloud backend, ambiguous activation raises the risk of misrouting and unintended external processing.

Vague Triggers

High
Confidence
95% confidence
Finding
The routing rule sends 'everything else' to the SSE editing backend, effectively treating any unmatched prompt as authorization to contact the remote service. This is dangerous because it maximizes accidental activation, may forward unrelated or sensitive text to the vendor backend, and broadens the attack surface for prompt-injection-style misuse through generic conversations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Although the document later mentions remote GPU processing, the user-facing description and early workflow do not prominently warn that uploaded media is transmitted to a third-party cloud backend. For a skill handling raw user video, this lack of upfront disclosure can lead to uninformed sharing of potentially sensitive media and metadata.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal