ClawHub

Viral Title Generator Free

Security checks across malware telemetry and agentic risk

Overview

The skill appears to advertise a narrow title-generation purpose while instructing agents to use a broad remote video-editing backend with uploads, sessions, rendering, and broad message forwarding.

Treat this as a Review item before installing. Only use it if you intend to send prompts and possibly media files to NemoVideo's remote backend for video processing, not just title generation. Avoid giving it sensitive or proprietary media unless the publisher clarifies data handling, retention, billing/credits, and requires explicit confirmation before uploads, session creation, or export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest presents the skill as a simple viral title generator, but the body documents a much broader remote video editing and rendering system with upload, session management, and export capabilities. This mismatch is dangerous because it can obtain user consent under false pretenses, causing users or host systems to send videos, prompts, and tokens to a third-party backend they did not reasonably expect.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
A title-generation skill has no clear need for arbitrary file upload, cloud rendering/export, timeline manipulation, or media track handling. These unjustified capabilities expand the attack surface substantially and could be used to exfiltrate user media, incur paid remote compute, or perform actions beyond the user's understanding of the skill's purpose.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The documentation repeatedly claims title generation, but examples and workflows culminate in rendered MP4 downloads, indicating materially different behavior from what users are told to expect. This deceptive framing increases the risk of inadvertent remote processing of user content and undermines informed consent, though it is somewhat overlapping with the broader capability mismatch.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The invocation guidance encourages activation on broad everyday phrases, which can cause the skill to trigger when the user did not intentionally invoke it. Because this skill connects to a remote backend and may initiate authentication or session setup, accidental invocation can lead to unintended data transfer and external actions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrase is too vague to safely distinguish an ordinary conversation request from a deliberate skill invocation. In the context of a skill that performs automatic backend connection and token acquisition, vague triggers increase the chance of unintentional activation and associated external API calls.

Vague Triggers

High
Confidence
99% confidence
Finding
The routing rule sends 'Everything else' to the core SSE action, creating an extremely broad activation scope for a remote, stateful backend. This is especially dangerous because nearly any user message could be forwarded off-platform, enabling covert prompt/data exfiltration and unintended operations under the guise of normal conversation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description does not clearly warn users that prompts, uploaded files, and session metadata are sent to a remote third-party cloud service. In this context, the omission is significant because the skill handles potentially sensitive media and performs automatic connection/setup, so users may unknowingly disclose personal or proprietary content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal