ClawHub

Ai Photo Editor Free

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it presents itself as a free photo editor while instructing the agent to use a broader cloud media/video backend and upload user media without a clear consent step.

Review before installing. Use this only if you are comfortable sending images or other media to the Nemovideo cloud backend and accepting broader media/video behavior than the photo-editor title suggests. Avoid sensitive personal, business, or private images unless the publisher clarifies privacy, retention, and consent handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is presented as a photo editor, but the operational instructions wire it to a video/media editing backend with session state, timeline handling, upload-video endpoints, and render/export flows. This mismatch is dangerous because users and integrators may grant permissions, provide media, or rely on privacy/scope expectations that do not match the skill’s actual behavior, enabling deceptive data handling and unintended backend actions.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The routing section claims to support photo editing but directs common requests into export, state, upload, and SSE flows associated with video/timeline operations. That discrepancy can mislead users into invoking functions outside the expected photo-editing scope, creating a deceptive capability boundary and increasing risk of unintended media processing or exfiltration.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The API reference explicitly documents video upload, session state with draft/video_infos/generated_media, and MP4 rendering/export, contradicting the claimed photo-editing function. This is dangerous because it embeds undisclosed media-processing capabilities and could cause users or hosts to send assets to a backend with materially different behavior than advertised.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Including media rendering and export capabilities in a skill marketed for free photo editing expands its operational scope beyond what is justified by the user-facing description. While not inherently malicious, unnecessary capability breadth increases attack surface and the chance of misuse, especially when paired with cloud uploads and session-based processing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to connect to a cloud backend, obtain tokens, create sessions, and process user media remotely, but it does not require a clear upfront user-facing warning or consent step before transmitting photos. This is dangerous because users may unknowingly send potentially sensitive images to a third-party service under incomplete privacy and retention expectations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal