Maker Japanese

Security checks across malware telemetry and agentic risk

Overview

This cloud video-editing skill appears purpose-built, but it sends media and broad prompts to an external backend with limited user-facing disclosure and loose routing.

Review before installing. Use it only if you are comfortable sending prompts, uploaded media, URLs, and render/session data to the NemoVideo cloud service. Avoid private or sensitive footage, and only invoke it with explicit video-editing requests so unrelated prompts are not forwarded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 91% confidence
Finding
The routing table sends 'everything else' to the SSE action, which effectively grants a broad default path for arbitrary user prompts to reach the backend editing pipeline. In a skill that can upload media, manipulate session state, and trigger cloud processing, such a catch-all increases the chance of unintended actions, prompt injection into the remote service, and surprising data handling beyond clear user intent.

Missing User Warnings

Medium, 89% confidence
Finding
The getting-started flow instructs users to send video clips to a backend API but does not clearly warn that uploaded media leaves the local environment and is processed by a third-party cloud service. This is a privacy and consent issue, especially because videos may contain sensitive personal, business, or copyrighted material.

Missing User Warnings

Low, 80% confidence
Finding
The metadata declares authentication via environment variable and local config paths, but the description does not tell users that existing local credentials/config may be accessed to authenticate requests. Even if this is standard integration behavior, failing to disclose it reduces informed consent and can surprise users about what local secrets are being used.

Natural-Language Policy Violations

Medium, 84% confidence
Finding
The session creation body hard-codes language to 'en' without checking the user's preference or locale. In this context the issue is mainly integrity and UX-related: it may cause prompts, processing behavior, or generated content to use the wrong language, which is especially relevant for a Japanese-video skill.

VirusTotal

65/65 vendors flagged this skill as clean.
