Free Video Downloader

Security checks across malware telemetry and agentic risk

Overview

This is advertised as a video downloader, but it also creates remote cloud sessions and can send broad prompts, URLs, and media files to an external video-editing service.

Review before installing. Use this only if you are comfortable sending video URLs, uploaded files, editing prompts, and token-backed session data to mega-api-prod.nemovideo.ai. Avoid private or sensitive media unless the publisher clarifies consent, retention, deletion, and narrower activation rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill is presented as a simple YouTube downloader, but the body documents a much broader remote video-editing and rendering system with uploads, session management, SSE messaging, and export workflows. This mismatch is dangerous because users and host platforms may grant trust, permissions, or data under a narrower expectation while the skill actually enables substantially broader processing and exfiltration to a third-party service.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill claims to help users save videos locally, but the documented flow sends URLs, files, and session state to a cloud API for processing on remote GPU nodes. That creates a material transparency and privacy issue: user content and metadata leave the local environment despite the marketing implying a local/offline-style operation.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The skill includes general editing features like overlays, audio tracks, timeline state, session polling, and iterative draft manipulation that go well beyond a downloader's stated purpose. This unjustified capability expansion increases attack surface and enables collection and processing of more user content and instructions than users would reasonably expect from the advertised function.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Supporting numerous unrelated export formats and render workflows exceeds the minimum functionality needed for a 'free-video-downloader' skill and broadens operational scope without clear user justification. Extra format conversion and rendering paths increase complexity, misuse potential, and the chance that the skill is used as a generic media-processing proxy rather than the advertised downloader.

Vague Triggers

Medium
Confidence: 87%
Finding
The invocation guidance includes broad phrases like 'tell me what you're thinking,' which can match ordinary conversation and trigger the skill unexpectedly. Overbroad activation is risky here because the skill performs remote setup and may initiate token/session workflows that send user data to an external service without sufficiently deliberate user intent.

Vague Triggers

Medium
Confidence: 94%
Finding
The routing table contains an unbounded catch-all rule ('Everything else') that sends arbitrary user input into the SSE backend. In context, that means nearly any conversation can be forwarded to a remote service and interpreted as editing or media commands, creating a serious risk of unintended activation, data leakage, and scope creep.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill description omits a clear warning that user URLs, uploaded files, and session data are sent to a third-party cloud API. This lack of informed disclosure undermines user consent and increases privacy risk, especially because the skill markets itself in terms that suggest straightforward downloading rather than external processing and session tracking.

VirusTotal

66/66 vendors flagged this skill as clean.