ClawHub

With Ai Ai

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only AI video editing skill that clearly centers on uploading media to a cloud rendering service, with no installer scripts or unrelated privileged behavior found.

Install only if you are comfortable sending videos, audio, images, prompts, and related session metadata to nemovideo.ai for processing. Avoid private or regulated content unless you have reviewed the provider's privacy and retention terms, and use a throwaway or limited token when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The routing rule sends essentially all unmatched prompts to the SSE edit action, which can cause unintended requests and user data to be forwarded to the remote backend without sufficiently specific intent. In a skill that uploads media and relays free-form prompts to a cloud service, broad catch-all dispatch increases the chance of accidental data disclosure, unexpected billable actions, or confusing behavior that the user did not explicitly request.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages users to send clips and prompts for AI processing but does not clearly warn that both media and text are transmitted to a third-party cloud backend. Because uploaded videos may contain sensitive personal, business, or location data, the lack of explicit disclosure undermines informed consent and can lead to privacy and compliance issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal