Ai Voiceover Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is openly described as a cloud-backed video voiceover/editing tool, but users should be aware that their media and prompts are sent to NemoVideo's service and that the skill's request routing is much broader than the "voiceover" label suggests.

Install it only if you are comfortable sending videos, scripts, prompts, and related media to NemoVideo's cloud service. Keep sensitive or regulated content away from it unless you trust that provider, protect any NEMO_TOKEN as you would an account credential, and instruct the agent to confirm with you before uploads, broad edits, or exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 89% confidence

Finding
The skill is presented as a narrow AI voiceover tool, but its instructions authorize broader video-editing operations such as aspect-ratio changes, overlays, BGM, generic edits, state inspection, and export workflows. This scope expansion increases the chance that the agent performs actions the user did not explicitly intend and erodes the least-privilege boundary between a simple voiceover skill and a general media-editing backend.

Vague Triggers

Medium, 83% confidence

Finding
The skill's invocation text is overly broad: it invites activation from vague requests such as sharing a video or script, or simply saying what the user has in mind. In agent environments, broad trigger language can route generic conversation into the skill by accident, leading to unintended uploads, session creation, or cloud processing on a third-party backend.

Vague Triggers

Medium, 92% confidence

Finding
The routing rule sends "Everything else" to the SSE editing path, an excessively broad catch-all with no meaningful boundary checks. The skill can therefore interpret unrelated user text as edit commands and forward arbitrary prompts to the backend, expanding the attack surface and increasing the risk of unintended actions or disclosure of data to the cloud service.
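The contrast between the catch-all rule flagged above and a default-deny router, as an added example that is not part of this report or of the NemoVideo skill. It assumes an agent host that dispatches user text to a skill through a routing function; the action names, the keyword patterns, and the set of actions that require confirmation are illustrative assumptions, not the skill's real instructions.

```python
"""Added example: catch-all routing versus default-deny routing for a media skill.

Not code from the SkillSpector report or the NemoVideo skill. Action names,
keyword patterns and the confirmation set are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Actions the finding says the skill's instructions cover (assumed names).
VOICEOVER = "voiceover"
EDIT = "edit"        # aspect ratio, overlays, BGM, generic edits
INSPECT = "inspect"  # state inspection
EXPORT = "export"

# Actions that move user media or prompts to the cloud backend: gate these
# behind an explicit confirmation, as the Overview recommends.
REQUIRES_CONFIRMATION = {VOICEOVER, EDIT, EXPORT}


@dataclass
class Route:
    action: Optional[str]     # None means: nothing is sent to the backend
    backend_call: bool        # would this request reach the cloud service?
    needs_confirmation: bool  # the agent must ask the user before proceeding
    reason: str


# --- Weak pattern, mirroring the reported rule ------------------------------
def route_catchall(text: str) -> Route:
    """Anything not recognised as a voiceover request becomes an edit command."""
    lowered = text.lower()
    if "voiceover" in lowered or "narrat" in lowered:
        return Route(VOICEOVER, True, False, "voiceover keyword")
    # "Everything else" -> editing path: unrelated text still reaches the backend.
    return Route(EDIT, True, False, "catch-all")


# --- Hardened pattern: explicit intents, default deny -----------------------
INTENT_PATTERNS = [
    (VOICEOVER, re.compile(r"\b(voice-?over|narrat\w*|dub\w*)\b", re.I)),
    (EXPORT, re.compile(r"\b(export|render|download)\b", re.I)),
    (INSPECT, re.compile(r"\b(status|state|progress|what did you change)\b", re.I)),
    (EDIT, re.compile(r"\b(aspect ratio|crop|overlay|bgm|background music|trim|cut)\b", re.I)),
]


def route_strict(text: str, confirmed: bool = False) -> Route:
    """Forward only explicit media intents; hold cloud-side actions until confirmed."""
    for action, pattern in INTENT_PATTERNS:
        if pattern.search(text):
            gate = action in REQUIRES_CONFIRMATION and not confirmed
            return Route(action, backend_call=not gate, needs_confirmation=gate,
                         reason=f"matched {action}")
    # No recognised intent: clarify with the user instead of sending text upstream.
    return Route(None, backend_call=False, needs_confirmation=False,
                 reason="no recognised media intent; ask the user")


if __name__ == "__main__":
    unrelated = "here are my meeting notes, what do you think?"  # constructed input
    print(route_catchall(unrelated))  # reaches the backend as an edit command
    print(route_strict(unrelated))    # stays local, asks the user instead
    print(route_strict("please export the video"))  # held until confirmed
```

The strict router errs toward asking: an unmatched request never produces a backend call, and the three data-moving actions are returned with `needs_confirmation=True` until the host passes `confirmed=True`, which is the behaviour the Overview asks users to request from the agent.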

VirusTotal

65/65 vendors reported this skill as clean (0 detections).