ClawHub

Video Editor Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-editing helper that sends selected media and edit instructions to NemoVideo for processing.

Install only if you are comfortable sending selected media files, edit prompts, and a NemoVideo token to NemoVideo's cloud API. Avoid confidential, regulated, or highly personal recordings unless you trust the provider's privacy, retention, and billing practices, and be cautious with ambiguous prompts because the skill may route them to the remote editing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The routing rule sends essentially all unmatched prompts into the editing workflow, which can cause unintended invocation of remote processing actions for requests that were not clearly about video editing. In this skill, that broad fallback is more dangerous because the workflow can lead to API calls, session creation, and eventual upload/export behavior against an external service, increasing the risk of accidental data handling and surprise side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to send raw video footage for processing on a remote API, but it does not present a clear, upfront warning that files and related metadata will be transmitted to an external third-party service. This is risky because users may share sensitive recordings under the assumption processing is local or agent-native, especially given the automatic setup and upload-oriented workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal