Video Editing With GoPro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video-editing integration, but users should know their media and prompts go to NemoVideo for remote processing.

Install only if you are comfortable sending selected videos, media URLs, and editing instructions to NemoVideo for cloud processing. Avoid sensitive footage unless you trust that provider, protect NEMO_TOKEN, and verify output resolution because the marketing mentions 4K while the render details mention H.264 up to 1080x1920.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest markets the skill as a narrow GoPro MP4 editing tool, but the body exposes a much broader remote media-processing surface including generic uploads, exports, and multiple media formats. Scope mismatch is dangerous because users and reviewers may grant trust based on a constrained description while the skill actually performs more expansive networked operations than advertised.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
URL-based ingestion allows the skill to cause the backend to fetch arbitrary remote resources, which is broader than user-supplied GoPro file editing and can create server-side request abuse, unintended data access, or opaque third-party transfers. Because this capability is undocumented in the user-facing promise, users may not realize that external URLs—not just uploaded files—can be sent for processing.

Context-Inappropriate Capability

Low
Confidence: 81%
Finding
Deriving attribution headers from local install paths requires inspecting host-local environment details unrelated to editing a video. While the data exposure is limited, it unnecessarily collects platform/context information that can leak deployment details and expands the skill's access to local metadata beyond user expectations.

Vague Triggers

Medium
Confidence: 85%
Finding
Routing essentially all unmatched input into the SSE editing action creates an overly broad execution path, increasing the chance that unrelated or sensitive user text is transmitted to the remote backend. This weak prompt/action boundary can cause accidental data exfiltration and makes the skill easier to misuse with ambiguous prompts.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill description does not clearly warn, upfront, that user videos are uploaded to and processed by a third-party remote service. For media files, this is a meaningful privacy and data-handling concern because users may assume local processing and disclose sensitive footage without informed consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
Automatically connecting to the backend and acquiring anonymous tokens without an explicit user-facing warning or consent flow initiates network access and credential handling silently. Even if the token is free and short-lived, silent authentication and session creation can surprise users, mask outbound connections, and reduce transparency around account and data usage.

VirusTotal

66/66 vendors flagged this skill as clean.
