Editor De Video Con Ia

Security checks across malware telemetry and agentic risk

Overview

This is a real cloud video-editing skill, but it needs review because it can automatically authenticate, create remote sessions, and send media or broad prompts to a third-party backend without clear user control.

Install only if you are comfortable sending selected videos, audio, prompts, URLs, and processing metadata to the NemoVideo cloud backend. Avoid private, regulated, or third-party media unless you have permission and understand the service's retention and deletion terms; use explicit commands and confirm uploads, URL imports, and exports before proceeding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium (94% confidence)
The skill is presented as handling user-uploaded raw footage, but it also supports fetching arbitrary remote URLs as media sources. That expands the trust boundary and can enable server-side fetching of attacker-controlled URLs, creating SSRF-style risk, unauthorized access to internal resources, or ingestion of untrusted content without clear user awareness.

Context-Inappropriate Capability

Medium (91% confidence)
The skill instructs the agent to mint anonymous backend tokens whenever an environment token is absent, which creates new backend credentials beyond the user's explicit provisioning. That is risky because it enables unreviewed third-party authentication flows, can bypass normal account controls, and may facilitate abuse of the external service under anonymous credits.

Vague Triggers

Medium (76% confidence)
The invocation examples are broad enough that common phrases like 'export 1080p MP4' could activate the skill without the user fully understanding that a cloud video-editing backend will be contacted. This increases the chance of accidental invocation and unintended transmission of user media or prompts to the third-party service.

Vague Triggers

Medium (83% confidence)
The catch-all rule routes 'everything else' to the SSE backend, which is overly permissive and lacks clear scope boundaries. In practice, unrelated or ambiguous user text could be forwarded to the external service, causing unintended data disclosure or backend actions outside the user's informed expectations.

Missing User Warnings

Medium (89% confidence)
The skill description emphasizes convenient AI editing but does not clearly warn users that their media is uploaded to and processed by a cloud backend. Because video files often contain sensitive visual, audio, location, or personal information, omission of this disclosure undermines informed consent and increases privacy risk.

Missing User Warnings

Low (82% confidence)
The skill uses an environment token if present and otherwise acquires a backend token, but this authentication behavior is not surfaced clearly to the user. Hidden use of local credentials or automatic token creation can surprise users and may expose them to unintended account usage or privacy implications.

Natural-Language Policy Violations

Medium (72% confidence)
Hard-coding the session language to English without checking user preference can cause user prompts or metadata to be sent under the wrong language context. While not a direct exploit primitive, it can degrade safety controls, mishandle multilingual instructions, and produce unexpected third-party processing inconsistent with the user's intent.

VirusTotal

65/65 vendors flagged this skill as clean.
