Dubbing Ffmpeg

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can send uploaded media and broad editing prompts to a remote cloud backend under a more narrowly described dubbing purpose.

Install only if you are comfortable sending selected media files and editing prompts to mega-api-prod.nemovideo.ai. Avoid private or regulated videos, use a dedicated NEMO_TOKEN where possible, and confirm before allowing non-dubbing edits or broad freeform prompts to be sent to the backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill is presented as a dubbing/export tool, but its routing and backend description support broader video editing and generation workflows. This scope mismatch can mislead users and host systems about what actions the skill may perform, increasing the chance of unintended uploads, edits, or cloud-side processing beyond the declared purpose.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation guidance is broad enough to match common phrases like generic video conversion or dubbing requests, which can cause the skill to trigger outside a clearly bounded user intent. In an agent environment, overbroad invocation can lead to unexpected file handling, cloud API calls, and token-backed actions without sufficiently explicit user consent.

Vague Triggers

Medium
Confidence: 93%
Finding
The routing table includes a catch-all rule that sends 'Everything else' to the SSE editing path, effectively granting broad backend command reach with minimal constraint. This makes the skill more dangerous because arbitrary user phrasing may be forwarded to a remote editing service, enabling unintended operations beyond dubbing and making abuse or prompt-injection-style redirection more likely.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to upload user media to a cloud backend and obtain anonymous tokens, but it does not provide a clear user-facing privacy notice about remote processing, retention, or third-party handling. This is dangerous because users may believe files are processed locally when sensitive video and audio content is actually transmitted off-device to an external service.

VirusTotal

64/64 vendors flagged this skill as clean.