ClawHub

Video Editing Ai Tools Free

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-editing integration; it is coherent and not malicious, but users should know their media and prompts may be sent to Nemovideo APIs.

Install only if you are comfortable sending selected media files, edit prompts, provided URLs, and related metadata to mega-api-prod.nemovideo.ai for processing. Treat NEMO_TOKEN as a sensitive service token, and do not use this skill with private videos unless you accept that external processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill advertises only a narrow set of supported video formats, but later documents support for many more file types including images and audio. This mismatch can mislead users and reviewers about what data may actually be accepted and transmitted to the backend, weakening informed consent and security review accuracy.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill promises users they will receive 1080p MP4 output, but the later export flow states exports may be blocked by subscription tier or plan restrictions. This is a deceptive capability claim that can induce users to upload content under false assumptions about service availability and outcome.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs the agent to connect to a remote API immediately and supports uploading user video files and prompts to a cloud service, yet the description does not clearly warn users that their content leaves the local environment. Because videos often contain sensitive visual, audio, and metadata content, this omission undermines informed consent and creates a meaningful privacy and data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal