ClawHub

Video Editing With Facebook

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-editing skill, but it automatically creates a remote session and can broadly forward edit prompts to a third-party backend with limited explicit user control.

Review before installing. Use this only if you are comfortable with NemoVideo receiving your edit prompts and any media you choose to upload. Avoid confidential or rights-sensitive media, keep NEMO_TOKEN private, and prefer explicit confirmation before uploads, exports, or ambiguous edit requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill description frames the capability as video editing, but the documented accepted inputs also include images and audio assets. This mismatch can cause users or host systems to grant access under narrower assumptions than the skill actually uses, increasing the chance of unintended data exposure or policy bypass for non-video files.

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
The skill instructs runtime inspection of local install paths to infer platform and send that information in outbound headers. Although low severity, collecting local environment details unrelated to core video editing expands host fingerprinting and exposes unnecessary system metadata to an external service.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation examples are broad and incomplete, and the skill is designed to react to generic phrases like editing or exporting. This raises the risk of accidental activation, causing unintended uploads, token acquisition, or transmission of user media to the external backend without sufficiently deliberate user intent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The routing logic uses broad keyword and fallback intent classification, with 'everything else' sent to the SSE backend. In this context, ambiguous matching is dangerous because ordinary media-related conversation could trigger remote processing and send user prompts or files to a third-party service unintentionally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs automatic backend connection and anonymous token acquisition on first open, before clear user consent for network activity or external media processing. In a skill that handles potentially sensitive user videos, automatic authentication and session creation materially increase privacy and data-transfer risk because content may be prepared for transmission to a third-party cloud service without informed opt-in.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal