ClawHub

Best Video Editing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-editing skill, but users should understand that uploaded media and prompts are sent to NemoVideo's external service.

Install this only if you are comfortable sending selected media files, prompts, and editing metadata to mega-api-prod.nemovideo.ai. Use a limited token where possible, monitor credits, and avoid uploading private, regulated, or proprietary footage unless you trust the provider's privacy and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs uploading user video to a remote backend and describes cloud GPU processing, but it does not clearly warn users that potentially sensitive media will leave the local environment and be stored or processed by a third party. This creates a privacy and data-governance risk, especially for personal, unpublished, or regulated video content, because users may reasonably assume an in-chat/local workflow if not told otherwise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill silently uses an existing NEMO_TOKEN or automatically acquires an anonymous token from a third-party API without a user-facing notice or consent step. Automatic credential use and token provisioning can mask network activity, create unexpected third-party accounts/sessions, and cause users to unknowingly consume credits or bind activity to an ambient credential.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal