Ai Video Editor Change Face

Security checks across malware telemetry and agentic risk

Overview

This is a cloud face-swap/video-editing skill, but it can route broad editing requests and sensitive media to a third-party backend with limited user-facing disclosure.

Review before installing. Use only media you have rights and consent to process, assume uploaded files and prompts go to NemoVideo's cloud backend, avoid ambiguous non-face-swap editing requests, and prefer a dedicated revocable NEMO_TOKEN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%

Finding: The skill is marketed as a narrowly scoped face-swapping tool, but the documented routing and API surface expose a much broader general-purpose video editing capability including uploads, state inspection, credits lookup, and export workflows. This scope mismatch can cause over-privileged activation and unintended handling of user requests or media beyond what users reasonably expect from the skill description.

Context-Inappropriate Capability

Severity: Low
Confidence: 82%

Finding: Including account/credit balance checking in a face-swap skill introduces access to account-related information that is not necessary for the core function. While low severity, it expands the data and action surface and may surprise users or expose billing state without clear need or consent.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding: The activation guidance matches generic video-editing requests such as aspect ratio, text overlays, and audio tracks, which exceeds the stated face-swapping purpose. Overbroad triggers increase the chance the skill intercepts unrelated prompts and sends user content or commands to an external backend unexpectedly.

Vague Triggers

Severity: High
Confidence: 98%

Finding: The fallback rule routing 'Everything else' to SSE is effectively catch-all behavior, allowing nearly any unmatched user request to be forwarded to the remote backend. In a skill that uploads media and creates sessions automatically, this creates a high risk of unintended data exposure, over-collection, and off-scope execution.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The skill processes videos and media through a cloud backend but does not provide a prominent warning or consent-oriented disclosure before users upload potentially sensitive content. For a face-swapping workflow, uploaded videos may contain biometric and highly personal data, making undisclosed remote processing more sensitive than ordinary file handling.

VirusTotal

66/66 vendors flagged this skill as clean.