ClawHub

Free To No

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not destructive, but its narrow watermark-removal branding masks a broader cloud media-editing workflow that can automatically send ambiguous prompts and user media to NemoVideo.

Install only if you are comfortable with NemoVideo receiving the media and prompts you provide. Use it for videos you own or are authorized to edit, avoid confidential media, and be careful with vague editing requests because the skill can route broad requests to the remote editing backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is marketed narrowly as watermark removal, but the documented API surface and workflows expose a general-purpose cloud media editing pipeline with session management, SSE editing, state inspection, uploads, and rendering. This scope mismatch is dangerous because it can cause users or an orchestrating agent to send arbitrary media and editing requests to a third-party backend under misleading expectations, increasing privacy, abuse, and unauthorized processing risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The inclusion of image, audio, text, and timeline composition capabilities goes well beyond the declared purpose of removing watermarks from videos. In practice this creates an unnecessarily broad exfiltration and manipulation surface, allowing the skill to process unrelated user assets and perform more powerful actions than a user would reasonably expect from its name and description.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples are broad enough that ordinary editing phrases like 'export 1080p MP4' could activate this skill unexpectedly. That raises the risk of accidental routing of unrelated user content into a third-party cloud service, especially since the skill also performs automatic setup and token acquisition on first interaction.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The routing table contains a catch-all condition that sends 'Everything else' to the SSE backend, effectively allowing ambiguous or unrelated prompts to be forwarded to a powerful remote editing service. This is dangerous because it expands activation far beyond the stated purpose and can lead to unintended processing, data disclosure, or misuse through vague user requests.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description and onboarding do not clearly warn that uploaded media and instructions are transmitted to a cloud processing API. This omission is dangerous because users may share sensitive or proprietary videos under the assumption of local processing, creating avoidable privacy, confidentiality, and compliance risks.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal