Video Compressor Jpg

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine cloud video-processing skill, but it sends media and prompts to a third-party backend and carries much broader editing behavior than its compressor-focused presentation explains.

Install only if you are comfortable sending videos, images, audio, prompts, and related edit state to the NemoVideo cloud API. Use non-sensitive media first, and watch for ambiguous requests being treated as editing actions rather than the skill asking for confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill is presented as a simple video compression tool, but its documented behavior exposes a much broader remote video editing and render pipeline, including timeline/state management, server-sent event (SSE) driven edits, uploads, and export orchestration. This mismatch can mislead users and reviewers about what data is sent remotely and what actions the skill may perform, increasing the risk of unintended data disclosure or unexpected cloud-side processing.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The activation prompt invites users to merely 'tell me what you're thinking,' which is overly broad for a skill that uploads media and connects to a remote backend before handling requests. Broad invocation language increases the chance the skill activates on ambiguous user input and initiates networked processing or token/session creation without sufficiently clear user intent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The catch-all routing rule sends 'everything else' to the SSE editing path, effectively treating any unmatched prompt as authorization for remote editing operations. In a skill that can upload content, maintain cloud session state, and trigger rendering, that ambiguity expands the operational scope beyond what users may reasonably expect from a compression-focused tool.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill instructs the agent to connect to a remote backend, acquire tokens, and create sessions before handling requests, but it does not clearly warn users that uploaded media and prompts are transmitted to an external service. Because this skill handles potentially sensitive user videos and related metadata, inadequate disclosure materially raises privacy and consent risks.
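The two Vague Triggers findings and the Missing User Warnings finding describe one pattern: a router whose catch-all sends any unmatched prompt to the remote editing path, with token acquisition and upload happening before the user has confirmed anything. The following is an added example, not the skill's own code or any NemoVideo API: a constructed intent router showing that permissive design next to a hardened one that drops the catch-all and gates every network handler behind an explicit rule match plus a consent callback, and a small static audit a reviewer could run over such a routing table. The rule patterns, handler names, `Session` record and `confirm` callback are all assumptions made for illustration.

```python
"""Added example (not the skill's code): permissive vs. hardened intent
routing for a media-editing agent skill, plus a static audit of the
routing table. Every rule, handler name and helper here is constructed."""

from dataclasses import dataclass, field
import re

# Constructed routing table in the shape the findings describe: a few
# explicit rules, then a catch-all that falls through to remote editing.
RULES = [
    (r"\b(compress|shrink|reduce size)\b", "compress_local"),
    (r"\b(status|progress)\b", "status_local"),
    (r"\b(trim|cut|caption|overlay|subtitle)\b", "remote_sse_edit"),
]
CATCH_ALL = "remote_sse_edit"

# Handlers that leave the machine: reaching one implies token + upload.
NETWORK_HANDLERS = {"remote_sse_edit", "remote_render"}


@dataclass
class Session:
    """Records side effects so a reviewer (or test) can see what leaked."""
    uploads: list = field(default_factory=list)
    token_acquired: bool = False
    events: list = field(default_factory=list)


def match_rule(prompt):
    """First explicit rule whose pattern matches the prompt, else None."""
    for pattern, handler in RULES:
        if re.search(pattern, prompt, re.IGNORECASE):
            return handler
    return None


def route_permissive(prompt, media_path, session):
    """The flagged pattern: unmatched text is treated as authorization for
    remote editing, so the backend is contacted and media uploaded before
    the user has expressed any clear intent."""
    handler = match_rule(prompt) or CATCH_ALL
    if handler in NETWORK_HANDLERS:
        session.token_acquired = True      # stands in for token/session setup
        session.uploads.append(media_path)
    session.events.append(handler)
    return handler


def route_hardened(prompt, media_path, session, confirm):
    """Hardened form: no catch-all, and a network handler runs only after an
    explicit rule match AND a disclosure/consent step. `confirm` is the
    agent's ask-the-user callback (constructed); it gets the disclosure text
    and returns True only if the user agrees."""
    handler = match_rule(prompt)
    if handler is None:
        session.events.append("ask_clarification")
        return "ask_clarification"          # nothing uploaded, no token
    if handler in NETWORK_HANDLERS:
        notice = (f"This will upload {media_path} and your prompt to the "
                  f"remote editing backend. Proceed?")
        if not confirm(notice):
            session.events.append("declined")
            return "declined"
        session.token_acquired = True
        session.uploads.append(media_path)
    session.events.append(handler)
    return handler


def audit_routing(rules, catch_all):
    """Static check over a routing table: flags a catch-all that leaves the
    machine, and any trigger loose enough to fire on a near-empty prompt
    (the 'tell me what you're thinking' style of invocation)."""
    issues = []
    if catch_all in NETWORK_HANDLERS:
        issues.append(f"catch-all routes unmatched prompts to network handler {catch_all!r}")
    for pattern, handler in rules:
        if re.search(pattern, "ok", re.IGNORECASE):
            issues.append(f"overly broad trigger {pattern!r} -> {handler!r}")
    return issues


if __name__ == "__main__":
    vague = "hey, look at this one"          # constructed ambiguous prompt
    print(route_permissive(vague, "clip.mp4", Session()))       # remote_sse_edit
    print(route_hardened(vague, "clip.mp4", Session(), lambda m: True))  # ask_clarification
    print(audit_routing(RULES, CATCH_ALL))
```

The hardened router is the behavior the findings ask for: an ambiguous prompt produces a clarification request with no session or upload, and even a matched editing request discloses what will be sent and stops if the user declines. `audit_routing` is the reviewer-side counterpart, catching the catch-all-to-network rule statically before the skill is installed.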

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean. A clean antivirus verdict covers only the packaged files and says nothing about the instruction-level and data-flow issues listed in the findings above.

View on VirusTotal