Ai Video Editor Change Words

Security checks across malware telemetry and agentic risk

Overview

This skill appears to use a real cloud video-editing workflow, but its broad routing and its limited disclosure that data leaves the device make accidental upload of sensitive videos more likely.

Install only if you are comfortable with selected videos, editing prompts, metadata, and generated outputs being sent to NemoVideo cloud services. Confirm before uploads or exports, avoid confidential or regulated footage, and keep any service token private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as a narrowly scoped 'change words in videos' capability, but the documentation expands it into a broad, general-purpose cloud video editor with uploads, SSE-driven edits, state inspection, credits, and export workflows. This scope expansion increases the chance the skill is invoked for unintended editing tasks and broadens what user content and instructions may be sent to the remote service without clear expectation alignment.

Vague Triggers

Medium
Confidence: 90%
Finding
The starter prompts are broad enough that ordinary editing-related conversation such as 'edit my existing video file' or 'export 1080p MP4' could invoke the skill even when the user did not specifically intend cloud-based word replacement. Overbroad triggers can cause accidental activation, unnecessary upload of user media, and unanticipated transmission of editing instructions to the backend.

Vague Triggers

Medium
Confidence: 95%
Finding
The routing table contains a catch-all rule that sends 'Everything else' to the SSE editing path, effectively treating nearly any unmatched prompt as an instruction for the remote editor. In security terms, this materially widens the skill's operating surface and makes accidental or unexpected processing of user requests more likely.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill directs the agent to connect to a third-party backend, obtain or mint tokens, create sessions, and process uploaded video files and editing instructions in the cloud, but it does not clearly warn users that their media and prompts are being sent off-device. Because videos may contain sensitive personal, business, or biometric content, lack of explicit disclosure undermines informed consent and creates a meaningful privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
