ClawHub

Video Trimmer By

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video trimming skill whose network, token, upload, and render behavior matches its stated purpose, though users should understand videos are processed by NemoVideo's backend.

Install only if you are comfortable sending selected videos, video URLs, and editing instructions to NemoVideo's cloud service. Avoid sensitive personal, business, or location-revealing footage unless you trust that service's privacy and retention practices, and consider setting your own NEMO_TOKEN instead of relying on anonymous token creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to automatically connect to a remote backend, mint an anonymous token, and create a session on first open before clear user consent or a prominent warning about network activity. That means user prompts, identifiers, and later uploaded media may be transmitted to a third-party service without sufficiently explicit notice, creating privacy and transparency risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description emphasizes convenience but does not clearly disclose that uploaded videos and editing instructions are sent to a cloud rendering backend. Because video files can contain sensitive personal, business, or location data, omission of this disclosure can cause users to share high-risk content without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal