Tiktok Add Music

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-editing skill, but users should know selected videos and prompts are sent to NemoVideo and a session token may be created automatically.

Install only if you are comfortable sending selected videos, audio, URLs, editing prompts, and project state to NemoVideo. Avoid sensitive or confidential footage unless you trust the provider's privacy and retention practices, and use a dedicated NEMO_TOKEN when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
87% confidence
Finding
The skill is presented as a narrow TikTok music helper, but the documented API surface exposes a much broader remote video editing and rendering workflow. This scope mismatch increases the chance that users or calling agents invoke capabilities they did not reasonably expect, which weakens consent and creates an opportunity for unintended data processing or abuse of backend features.

Context-Inappropriate Capability

Medium
91% confidence
Finding
The skill can silently mint anonymous tokens and establish cloud sessions on behalf of the user, which gives it autonomous access to an external service beyond simple local media manipulation. That is dangerous because it enables unprompted third-party authentication, tracking via client identifiers, and backend resource consumption without clear user awareness or approval.

Vague Triggers

Medium
84% confidence
Finding
Routing essentially all unmatched requests into the editing SSE action creates an overly permissive trigger that can cause the skill to process prompts outside its intended scope. In practice, this broad dispatch increases the risk of accidental remote actions, unexpected uploads or edits, and misuse of the backend through ambiguous natural-language requests.

Missing User Warnings

Medium
94% confidence
Finding
The skill encourages users to send video files to a cloud backend without a clear upfront warning that media will leave the local environment and be processed by a third party. This is dangerous because videos often contain sensitive personal, biometric, geolocation, or copyrighted content, and users may not realize they are consenting to external transmission.

Missing User Warnings

Low
90% confidence
Finding
The setup instructions describe token acquisition, session creation, and backend processing, but the user-facing description does not clearly explain that external services handle authentication and rendering. This transparency gap is risky because users may believe the feature is self-contained and not appreciate the privacy, billing, or account implications of remote processing.

VirusTotal

66/66 vendors flagged this skill as clean.
