Converter Ai

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud media skill, but it sends broad prompts and user media to a third-party service under a narrower video-conversion description.

Install only if you are comfortable with prompts and uploaded media being processed by mega-api-prod.nemovideo.ai. Use non-sensitive files first, avoid private or regulated content, and clarify where NEMO_TOKEN, anonymous tokens, sessions, and any ~/.config/nemovideo/ data are stored or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest presents the skill as a simple video conversion tool, but the documented behavior expands into general editing, overlays, audio manipulation, and intent-based routing. This scope mismatch can mislead users and reviewers about what data is processed and what actions the skill may perform, increasing the chance of unintended remote processing and overbroad capability use.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill advertises support for a narrow set of video formats, but later documentation states it handles image and audio formats as well. This discrepancy widens the effective data exposure surface and may cause users to submit content types they did not expect would be transmitted or processed by an external backend.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill automatically acquires anonymous tokens and creates remote sessions before doing anything else, which introduces undisclosed external account/session behavior beyond basic file conversion. Because user content and prompts are then sent to a third-party API, this creates privacy, consent, and data-handling risks that are more serious in a skill marketed like a simple utility.

Vague Triggers

Medium
Confidence: 82%
Finding
The invocation guidance includes broad conversational phrasing such as 'tell me what you're thinking,' which can activate the skill from ordinary language unrelated to intentional video conversion. Overbroad triggering raises the risk that unrelated user prompts or files are routed into this external-processing workflow without clear intent.

Vague Triggers

Medium
Confidence: 94%
Finding
The routing table sends 'Everything else' to the SSE endpoint, creating an unbounded catch-all trigger. In practice, this means almost any user request may be forwarded to a remote backend, significantly increasing the chance of unintended data disclosure and out-of-scope actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The setup flow instructs the agent to connect to external APIs and obtain tokens, but the description does not clearly warn users that their files and prompts will be uploaded to a third-party cloud service. In a media-processing context, uploaded videos can contain sensitive personal or business information, so lack of disclosure materially increases privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
