Video Audio Replace Online

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because a narrow audio-replacement tool can send broad editing prompts and media to an external cloud service.

Install only if you are comfortable sending selected videos, audio files, edit prompts, and render metadata to mega-api-prod.nemovideo.ai. Treat NEMO_TOKEN as an account credential, avoid private or sensitive footage, and be aware that the skill may handle more than simple audio replacement unless the agent/user keeps requests narrowly scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium, 90% confidence
The skill is presented as a narrow audio-replacement tool, but the documented routing expands it into broader editing behavior. That mismatch can cause users or the host agent to send unrelated requests, files, and prompts to a third-party video-editing backend without informed consent, increasing unintended data exposure and action scope.

Description-Behavior Mismatch

Medium, 93% confidence
The file describes a full cloud render/compositing pipeline, export jobs, and draft/state handling that materially exceed a simple audio-swap capability. This broad backend access increases the blast radius of accidental or overbroad invocation, including more user media, metadata, and edit state being transmitted and processed than the skill name implies.

Intent-Code Divergence

Medium, 88% confidence
The branding and title emphasize audio replacement, while the documentation states that prompts about aspect ratio, text overlays, audio tracks, and other edits are routed into broader actions. This scope confusion is dangerous because users may authorize what they think is a narrow operation while the skill actually performs more general cloud editing tasks.

Vague Triggers

Medium, 96% confidence
Routing 'Everything else' to SSE creates an extremely broad catch-all trigger that can capture arbitrary user messages and forward them to the external backend. In an agent setting, this can cause unintended invocation, exfiltration of user text and context, and execution of out-of-scope operations with little user awareness.

Vague Triggers

Medium, 78% confidence
The suggested phrase 'replace my video with audio' is ambiguous and could be interpreted as a general media-edit request rather than a precise audio-track swap instruction. Ambiguous invocation language makes accidental triggering more likely, especially when combined with broad backend routing.

Missing User Warnings

Medium, 95% confidence
The skill encourages users to upload media and issue editing prompts but does not clearly warn, up front, that those files and instructions are sent to a third-party cloud API for processing. Because videos and audio often contain sensitive personal, biometric, or copyrighted content, the lack of explicit disclosure and consent materially increases privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.