ClawHub

Tiktok Video

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-editing skill, but users should know their media and prompts are sent to NemoVideo for processing.

Install only if you are comfortable sending selected videos, audio, images, URLs, editing prompts, and session state to NemoVideo. Keep NEMO_TOKEN private and avoid uploading confidential or sensitive media unless you trust the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation guidance is broad enough that ordinary phrases like "export" or "download" could trigger the skill outside a clearly intentional TikTok-editing request. This increases the chance of accidental activation and unintended transmission of user content or requests to the remote video-processing backend.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill handles user media by uploading it to a third-party cloud rendering service, but the user-facing description does not clearly warn that files leave the local environment for remote processing. This creates a privacy and consent risk, especially for sensitive or personal video content, because users may not realize their media is being sent off-platform.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: tiktok-video
version: "1.0.0"
displayName: "TikTok Video — Create and Export TikTok Clips"
description: >
  TikTok creators create raw video footage into TikTok-ready clips using this skill. Accepts MP4, MOV, AVI, WebM up to 500MB, renders on cloud GPUs at 1080p, and returns MP4 files in 30-60 seconds. Designed for creating short vertical videos optimized for TikTok.
metadata: {"openclaw": {"emoji": "🎵", "requires": {"env": ["NEMO_TOKEN"], "configPaths": ["~/.config/nemovideo/"]}, "primaryEnv": "NEMO_TOKEN", "variant": "short_prompts"}}
Confidence
80% confidence
Finding
Create and Export TikTok Clips" description: > TikTok creators create raw video footage into TikTok-ready clips using this skill. Accepts MP4, MOV, AVI, WebM up to 500MB, renders on cloud GPUs at 10

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal