ClawHub

Video Editor In Browser

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-editing skill whose sensitive behavior is mostly disclosed and aligned with its purpose, but users should understand that media and prompts go to NemoVideo's backend.

Install only if you are comfortable sending chosen videos, URLs, edit instructions, and session metadata to NemoVideo's cloud service. Avoid sensitive or regulated media unless you have checked the provider's privacy and retention terms, and protect NEMO_TOKEN like any other API credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill presents itself as simple browser-based video editing, but its documented behavior includes obtaining authentication tokens, creating remote sessions, and uploading user media to an external cloud service for processing. This is a material capability expansion that affects user privacy, data handling, and trust, especially because users may provide sensitive video content under the assumption processing is local or browser-contained.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill requires a persistent environment credential and references a local config path even though its description suggests a straightforward browser editing workflow. This creates unnecessary access to local secrets and configuration state, increasing the risk of silent credential use, cross-session persistence, and unintended authentication behavior without clear user awareness.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The upload interface accepts remote URLs and a much broader set of media/file types than the manifest advertises, which materially changes the skill's data ingestion surface. This can lead to unexpected remote fetching, processing of non-video content, and user misunderstanding about what data may be transferred to the backend.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation phrases are broad and generic, increasing the chance the skill activates during ordinary conversation or routine file-sharing contexts. In this skill, accidental invocation is more dangerous because activation may trigger backend connection, token acquisition, and potential upload workflows involving user media.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill does not clearly warn users that their video files and prompts are uploaded to a remote cloud backend for processing, despite this being central to its operation. Because video content can contain sensitive personal, business, or copyrighted material, lack of disclosure materially undermines informed consent and can expose users to privacy and compliance risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill omits a clear warning that it may automatically use an existing environment token or obtain and store a new token/session behind the scenes. Silent credential handling reduces transparency and can lead to users unknowingly operating under stored identity, consuming credits, or persisting authentication artifacts locally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal