ClawHub

Ai Wedding Video Editor

Security checks across malware telemetry and agentic risk

Overview

This instruction-only wedding video editing skill is coherent, but users should treat uploaded wedding footage as sensitive personal data.

Install only if you are comfortable sending selected wedding footage and event details to the disclosed external AI service. Get permission for client or third-party footage, avoid uploading unnecessary private moments, and review the provider’s privacy and retention terms before using it for sensitive or professional work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill’s invocation/use description is very broad and encourages users to upload large amounts of raw wedding footage without clearly constraining what data should be provided, when the skill should be used, or what safety/privacy boundaries apply. Because wedding footage commonly contains highly sensitive personal data including faces, voices, children, venue details, and private moments, vague triggering and scope increase the risk of over-collection and unintended processing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill omits any warning that users may be uploading sensitive personal wedding footage for remote processing, despite the content likely containing identifiable individuals, private family interactions, children, and audio conversations. Without an explicit warning and consent/privacy notice, users may unknowingly expose personal data or process third-party footage without appropriate authorization.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal