Add Music

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill, but it can automatically create backend sessions and route broad or ambiguous edit requests to a third-party service that receives user media and prompts.

Install only if you are comfortable sending your videos, audio, images, prompts, and edit state to nemovideo.ai. Use it for explicit media-editing tasks, avoid private or sensitive footage unless you trust the provider, and confirm uploads or ambiguous edits before allowing the skill to proceed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill is presented as a narrowly scoped 'add music' tool, but the instructions expose a much broader remote video-editing pipeline including overlays, aspect-ratio handling, state inspection, and export orchestration. This scope expansion matters because users and host systems may grant trust based on the simpler description while the skill can perform materially broader operations on uploaded content and session state.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill instructs the agent to silently acquire anonymous auth tokens and create cloud sessions automatically, which introduces delegated account creation and authenticated backend access beyond the user-visible task. This is dangerous because it enables unprompted external service interaction, token handling, and potential resource consumption or data processing without explicit user approval.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The upload workflow accepts arbitrary remote media URLs and a wide set of asset types far beyond the advertised common video inputs. That broader ingestion surface can be abused to fetch or process unexpected content, increasing risks around unintended external requests, mishandling of sensitive assets, or policy bypass through non-obvious file types.

Vague Triggers

Medium
Confidence: 88%
Finding
Routing 'everything else' to the editing action makes invocation overly broad and increases the chance that unrelated or ambiguous user input triggers external processing. In an agent environment, such catch-all behavior can cause unintended uploads, session activity, or backend edits from normal conversation that was not meant as a tool invocation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill describes uploading user videos to a cloud backend and performing remote processing, yet it does not require an explicit warning or consent flow before transfer. This is dangerous because user media may contain sensitive or proprietary content, and silent third-party transfer undermines informed consent and privacy expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
