ClawHub

Free Data Format Converter

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as a data-file converter, but its instructions actually route users into a third-party cloud video rendering workflow with uploads, tokens, sessions, and limited disclosure.

Treat this as a Nemo cloud video-rendering integration, not a simple local data converter. Do not install it for sensitive files or business data unless you are comfortable sending prompts, files, tokens, and session metadata to that third-party backend. The evidence supports Review rather than malicious because the external behavior is mostly documented in the artifact, but it is materially under-scoped and misleading for the advertised purpose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill is presented as a benign data-format converter, but the implementation and backend integration are for a video-rendering/export pipeline. This mismatch is dangerous because it can mislead users into uploading data files and authorizing remote processing under false pretenses, defeating informed consent and masking the true external capabilities of the skill.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
A simple data conversion skill should not require cloud GPU rendering infrastructure and tokenized remote sessions without strong justification. This architecture expands the attack surface, routes user content to a third party, and creates unnecessary exposure of files, tokens, and session metadata.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The documented actions include media editing, timeline manipulation, audio tracks, overlays, and export workflows unrelated to data-file conversion. Such hidden or unrelated capabilities indicate deceptive scope and could be used to exfiltrate data, trigger unintended remote actions, or coerce users into a different service than the one advertised.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation claims structured-data conversion, then pivots to uploading files into a video timeline and producing rendered media outputs. This contradiction is a strong sign of deceptive behavior and materially increases the risk that users will unknowingly submit sensitive data to an unrelated processing pipeline.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples and prompts are broad and incomplete enough to trigger on vague user statements. Overbroad activation can cause the skill to engage unexpectedly, initiate backend connections, or solicit uploads when the user did not intend to use this particular remote service.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The routing table includes a catch-all condition that maps 'everything else' to SSE-driven backend actions. This creates a high risk of unintended remote execution paths, especially because the skill already has misleading scope and external side effects.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to create remote sessions, obtain tokens, and send files to external services, but does not clearly warn the user that their files and session-linked metadata will be transmitted off-platform. This undermines informed consent and could expose sensitive business or personal data to a third-party backend unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal