Video Editing With Microsoft

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video editor, but its Microsoft-themed framing and broad automatic routing can send prompts and media to a Nemovideo service before users have a clear consent boundary.

Install only if you are comfortable sending selected media files and editing prompts to Nemovideo's cloud API. Treat NEMO_TOKEN as a credential, avoid sensitive footage unless you trust the provider's privacy and retention practices, and require explicit confirmation before setup, upload, SSE editing, export, or credit-consuming actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The skill is marketed as editing Microsoft-originated video clips, but the documented accepted types expand to images, audio, and additional formats not reflected in the user-facing scope. This broadens the data-handling surface and can cause users or host agents to send unrelated media assets to a third-party backend without clear consent or expectation.

Vague Triggers

Medium, 89% confidence
Finding
The example phrases are generic enough to match common requests like 'export' or 'edit my raw video footage,' increasing the chance this skill activates when a user did not intend to invoke this specific third-party service. Misrouting can lead to unintended cloud API calls and media disclosure to the external provider.

Vague Triggers

Medium, 95% confidence
Finding
The routing table includes an 'Everything else' catch-all that sends most remaining prompts to the SSE backend, effectively making broad natural-language input trigger external processing. This is dangerous because ordinary editing-related conversation can be exfiltrated to the remote service without a clear boundary or informed user choice.

Missing User Warnings

Medium, 97% confidence
Finding
The skill instructs automatic token acquisition and session creation on first interaction, before meaningful user consent and without warning that data and identifiers will be sent to an external API. Even generating an anonymous token with a client UUID creates a persistent linkage and establishes third-party communication unexpectedly.

Missing User Warnings

Medium, 98% confidence
Finding
The description emphasizes convenience and performance but omits a clear warning that user media will be uploaded to and rendered by a remote cloud backend. For a media-processing skill, this omission is especially risky because uploaded videos may contain sensitive visual, audio, or metadata content.

VirusTotal

66/66 vendors flagged this skill as clean.
