ClawHub

Social Copy Generator Online

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video/social-copy helper, but users should only use it with media and prompts they are comfortable sending to NemoVideo.

Before installing, understand that opening the skill may contact NemoVideo to create or use a token and session, and any media or prompts you upload may be processed off-device. Avoid confidential, regulated, customer-owned, or copyrighted content unless you trust the provider and have permission to share it; keep NEMO_TOKEN private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The manifest presents the skill as a narrow social-copy generator, but the body exposes a much broader remote video editing, upload, session management, and render pipeline. This mismatch can mislead users and host platforms about the actual capabilities and data flows, increasing the chance that users provide files or approvals they would not have granted if the full scope were disclosed.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The advertised scope says the skill works with video files up to 500MB, but later documentation allows images and audio formats as accepted inputs. That discrepancy weakens informed consent and input-boundary enforcement, making it easier for users to unknowingly upload additional media types to the cloud backend.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to automatically contact a remote service and even obtain an anonymous token on first use without a clear user-facing warning or consent checkpoint. Silent network access and credential acquisition are dangerous because they initiate third-party data exchange and session creation before the user has explicitly agreed to external processing.

Missing User Warnings

High
Confidence
98% confidence
Finding
The user-facing description says the skill will handle AI processing on cloud GPUs, but it does not clearly warn that uploaded media is transmitted to a third-party cloud service for processing and storage within a remote session. For media-processing skills, this omission is especially risky because videos often contain sensitive personal, corporate, or copyrighted content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The metadata advertises use of a local environment token and configuration path, but the skill does not clearly disclose that it may access locally available credentials/configuration to authenticate with a remote service. Even if limited to declared paths, undisclosed credential use can surprise users and weaken trust boundaries between local secrets and external APIs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal