ClawHub

Editor Clips

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-editing skill that sends selected media and edit prompts to NemoVideo, with no hidden code or destructive behavior found.

Install this only if you are comfortable sending selected videos, URLs, edit prompts, and generated media state to NemoVideo's cloud service. Protect the NEMO_TOKEN like a credential, avoid uploading confidential or copyrighted material unless you trust the provider, and ask for confirmation before URL imports or exports if you want tighter control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is presented as a video-clip editor for user-uploaded video files, but the documented export support includes images and audio formats not disclosed in the manifest. That mismatch expands the effective data-handling scope and can mislead users or hosts about what content types the skill may process, store, or exfiltrate through the backend.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Allowing uploads from arbitrary URLs introduces server-side fetching behavior beyond normal user file upload, which can be abused to retrieve attacker-controlled or internal resources and send them to the cloud backend. This is not clearly necessary for the stated purpose of editing user-provided video clips, so it meaningfully broadens the attack surface and data-ingestion scope.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The startup text and invocation examples are generic enough that the skill may activate on vague editing-related requests without clear user intent. Over-broad triggering can cause unintended connection setup, token acquisition, session creation, or media-processing actions against a cloud backend before the user has knowingly opted into this specific skill.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal