Voiceover For Videos

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video voiceover/editing skill that sends user media and prompts to NemoVideo for processing, with no artifact-backed evidence of deception or unrelated local access.

Install only if you are comfortable sending videos, prompts, and related metadata to NemoVideo's cloud service. Avoid sensitive or regulated media unless you have reviewed the provider's retention and privacy terms. For stricter environments, require manual confirmation before uploads or ambiguous edit prompts are sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The manifest presents the skill as a narrow voiceover tool, but the body documents a broader remote video-editing pipeline with uploads, state inspection, exports, credits, and general edit routing. This mismatch can cause users or orchestrators to invoke the skill under narrower trust assumptions than its real capabilities, increasing the chance of unintended data processing and over-broad activation.

Description-Behavior Mismatch

Severity: Low
Confidence: 87%
Finding
The documented supported formats include many non-video and general media types that exceed the stated scope of adding narration to video files. This broader intake surface can mislead users and integrators about what data may be accepted and transmitted, creating unnecessary privacy and policy risk.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The catch-all rule routes 'everything else' to the SSE action, which can cause the skill to activate on unrelated requests and forward arbitrary user prompts to the external backend. In an agent environment, overly broad triggering increases the risk of accidental data exfiltration, confused-deputy behavior, and use outside the user's intended task.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
Although the text mentions remote GPU processing, it does not clearly warn users that uploaded videos and prompts are sent to an external service for processing. For potentially sensitive video content, this lack of explicit disclosure undermines informed consent and can lead to unintentional third-party sharing of private or regulated data.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding
The skill automatically acquires anonymous tokens and creates remote sessions on first interaction without a clear up-front warning. Silent external network actions and credential/session creation can violate user expectations and organizational policy, especially in environments that restrict outbound connections or require consent.

VirusTotal

66/66 vendors flagged this skill as clean.
