Ai Video Editor Change Clothes

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-editing connector that sends selected videos and prompts to NemoVideo, with no hidden local payload found.

Install only if you are comfortable sending selected videos, prompts, and editing state to NemoVideo’s cloud service. Avoid uploading sensitive personal, biometric, confidential, or copyrighted footage unless you trust that provider’s privacy and retention practices, and protect the NEMO_TOKEN if you provide one.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is marketed as a narrowly scoped clothes-changing video tool, but the instructions expose a much broader general-purpose video editing surface including tracks, audio, text, aspect-ratio, state inspection, and export orchestration. This scope expansion increases the chance that users and host agents invoke capabilities they did not reasonably expect, weakening consent boundaries and enabling misuse of uploaded media beyond the advertised purpose.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The documented capabilities are unjustifiably broad for a clothes-swap skill, including arbitrary media handling, audio manipulation, and text/timeline composition. Excess capability in an agent skill is dangerous because it expands the attack and abuse surface, increases the amount of user content sent to the backend, and makes it easier to perform unintended actions under the guise of a narrower tool.

Vague Triggers

Medium
Confidence: 96%
Finding
Routing 'everything else' to the SSE editing action creates an overly broad trigger that can capture unrelated or ambiguous user requests and forward them to a powerful backend workflow. In an agent setting, this is especially risky because benign conversation, unexpected attachments, or out-of-scope commands may be interpreted as authorization to perform edits or transmit data externally.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill encourages users to upload video footage but does not prominently warn that the media is processed by a remote cloud backend. This is a privacy and consent issue because users may share sensitive personal, biometric, or proprietary video under the assumption of local or minimally scoped processing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to automatically connect to the backend, generate a client identifier, obtain an anonymous token, and create a session before clear user-facing notice or consent. Automatic network access and token acquisition are sensitive actions because they establish an external identity, may create billable or trackable sessions, and can surprise users who have not agreed to remote processing.

VirusTotal

66/66 vendors flagged this skill as clean.