ClawHub

AI MEDIAKIT VIDEO EDIT

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate local video-editing helper, with the main risks being normal video-processing access to files you provide and output paths you choose.

Install only if you are comfortable letting the skill read the specific video, subtitle, and danmaku files you provide. Review the proposed clip plan and choose an output path that can be safely overwritten. Run npm install only in the included template directory if you need text effects, and leave REMOTION_SERVE_URL unset unless it points to a Remotion server you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill declares that it "must be triggered" for a broad set of common video-editing phrases, which can cause unintended invocation on ambiguous user requests. Over-broad auto-triggering increases the chance the agent will begin file analysis, dependency checks, or editing workflows without sufficiently clear user intent, creating unnecessary exposure to local files and command execution paths.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The confirmation logic treats a fixed set of Chinese approval words as execution consent, without requiring a structured confirmation flow or adapting to user language. This can misinterpret conversational text as approval and lead to unintended execution of editing actions, especially in multilingual or mixed-context conversations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal