Free Youtube Best

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real cloud video-editing integration, but it under-discloses automatic remote authentication, session creation, and broad prompt routing to the backend.

Install only if you are comfortable with video links, uploaded media, edit prompts, session metadata, and render activity being sent to mega-api-prod.nemovideo.ai. Use non-sensitive media first, make sure any NEMO_TOKEN is revocable, and avoid relying on this skill for private or confidential videos unless the provider's retention and privacy terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest markets the skill as narrowly handling YouTube links and a few video formats, but the body documents broader media handling, timeline editing, and additional file types. This scope mismatch can mislead users and host platforms about the skill's real capabilities, reducing informed consent and making abuse or over-privileged routing harder to detect.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill instructs the agent to automatically use an environment token or silently obtain an anonymous token and create backend sessions before handling requests. That causes credential use and external account/resource consumption without clear user awareness, and can expose users to quota abuse, unintended third-party data transfer, and opaque session creation.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation examples are broad and generic enough to match ordinary conversation about videos, increasing the chance the skill activates unexpectedly. Unintended activation is risky here because the skill is designed to connect to an external backend and may start credentialed workflows or data uploads based on loosely related prompts.

Vague Triggers

Medium
Confidence: 96%
Finding
The routing table includes a catch-all rule that sends 'everything else' into the SSE edit pathway, giving the skill very broad authority over user prompts. In context, that can cause unrelated text to be forwarded to a remote service, leaking user content and triggering remote actions outside the user's intended scope.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill directs automatic use of a local environment token and fallback anonymous token acquisition without any user-facing warning. This is dangerous because it normalizes silent credential consumption and remote authentication, potentially exposing user data, spending credits, and creating durable backend associations without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
