ClawHub

Ai Video Drama

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud video-editing skill, but it can authenticate and send media or broad prompts to a third-party service with too little user-facing consent and scoping.

Review before installing. Use this only for media and prompts you are comfortable sending to nemovideo.ai, prefer a dedicated token, and confirm intended uploads or edits explicitly. The artifact does not show malware or destructive local behavior, but its remote upload, broad routing, automatic authentication, and unclear retention practices deserve caution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill advertises a narrower purpose around video clips, but the instructions explicitly permit image, audio, MKV, GIF/WebP, and URL-based ingestion. This expands the data-handling surface beyond what users would reasonably expect, increasing the chance of unintended data upload, privacy issues, and policy bypass through remote URL fetches.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Broad trigger phrases such as 'create my video clips' or partial commands increase the risk of accidental activation and unintended upload or processing of user media. In a skill that immediately connects to a backend and may consume credits or transmit files, overly permissive invocation language meaningfully raises the chance of unwanted remote actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The catch-all routing rule sends 'everything else' to the SSE action, which can cause ambiguous or unrelated user prompts to trigger remote editing requests. Because this skill interacts with a cloud backend and session state, ambiguous routing can lead to unintended processing, privacy exposure, or unpredictable behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instructions direct the agent to use environment credentials or obtain anonymous tokens and create backend sessions, while explicitly hiding technical details from the user. This creates a transparency and consent problem: remote authentication and API activity occur without a clear user-facing warning, which is risky when media, session state, and credits are involved.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Although the document mentions server-side rendering, it does not clearly warn users about the privacy implications of uploading their media to a cloud service, including session persistence and remote storage/processing. For a media-processing skill handling potentially sensitive videos, omission of a prominent privacy notice materially increases risk of unintentional disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal