ClawHub

Editor Kiss

Security checks across malware telemetry and agentic risk

Overview

This video-editing skill appears legitimate, but it automatically connects to a cloud service and may send broad user input or sensitive video content with limited upfront consent.

Review before installing. Use this only with videos and prompts you are comfortable sending to NemoVideo's cloud backend, and avoid confidential, client, regulated, or private footage unless you have confirmed retention, account, and billing terms. The publisher should add explicit consent before first network connection/upload and narrow the catch-all SSE routing to clear editing requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to inspect environment variables, mint an anonymous token, and persist session credentials, which extends beyond a simple user-driven video editing action into credential and session management. While this is likely intended to enable the service, it creates a security and privacy boundary crossing because network authentication occurs automatically and tokens may be handled without explicit user consent or clear scoping.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest advertises a straightforward upload-and-edit capability, but the body reveals additional behaviors including account credit checks, backend session orchestration, export entitlement handling, and state inspection. This mismatch reduces informed consent and makes it harder for users to understand the actual authority granted to the skill, especially since uploaded media and session state are sent to a third-party cloud backend.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The phrase "Share your raw video footage and I'll get started" encourages immediate action and may trigger processing from a broad range of user inputs without a precise confirmation boundary. In a skill that uploads user media to a remote service, overly broad activation increases the risk of unintended data transmission or edits starting before the user has explicitly agreed.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The routing rule sends "Everything else" to the SSE editing path, which is an overly broad catch-all that can convert ambiguous conversation into backend actions. Because that path may transmit user text and operate on cloud session state, accidental activation can cause unintended processing, privacy exposure, or consumption of credits.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to automatically connect to a remote backend and obtain a token on first open, while only providing a minimal "Setting up..." notice. Automatic network access and authentication without a clear warning or opt-in is dangerous because it can transmit metadata and establish third-party sessions before the user meaningfully consents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal