Video Downloader Online

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video downloader/editor that sends user media or URLs to NemoVideo, but its downloader framing understates broader remote editing and broad catch-all processing behavior.

Install only if you are comfortable treating this as a NemoVideo cloud video editor/downloader, not a local-only downloader. Avoid private or sensitive media unless you trust the provider, and expect URLs, uploaded files, tokens, session IDs, project state, and render jobs to be handled by the remote service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill is presented as a simple video downloader, but the documented API flows include broader editing, generation, state inspection, and export behavior. This mismatch can mislead users and host agents about what the skill will actually do, increasing the risk of unintended data transfer, unexpected processing, and over-broad permissions or invocation.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest frames the skill as taking user video URLs/files for download conversion, but the routing rules allow general generate/edit requests under a catch-all path. That broadens the operational scope beyond the declared purpose, which can cause users or orchestration systems to invoke capabilities they did not expect or authorize.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation examples are broad and overlap with ordinary user language, making accidental triggering more likely. In a skill that transmits URLs/files to a remote backend and can initiate processing workflows, ambiguous trigger phrases raise the chance of unintended activation and data exposure.

Vague Triggers

Medium
Confidence: 92%
Finding
The catch-all routing rule sends 'everything else' to the SSE editing/generation pathway, which creates an overly broad trigger surface. This can cause unrelated or unclear prompts to invoke remote processing actions unexpectedly, especially since the skill also maintains sessions and state server-side.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to send video URLs/files, session identifiers, and related metadata to a remote backend, but it does not provide a clear user-facing warning or consent flow. This is dangerous because users may unknowingly transmit sensitive media, URLs, or metadata off-platform to a third party.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
Forcing session creation with language set to English without user choice is a policy and consent issue that can lead to misprocessing of user content or inaccurate handling of prompts. In a media-processing workflow, this can cause user confusion and incorrect backend behavior, though the direct security impact is limited.

VirusTotal

66/66 vendors flagged this skill as clean.
