ClawHub

Video Editor Ab2n

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-editing skill, but users should understand that video files and editing prompts go to nemovideo.ai.

Install this only if you are comfortable sending your video files, prompts, and related job metadata to nemovideo.ai for processing. Avoid sensitive, private, confidential, or rights-restricted footage unless you have confirmed the provider's privacy, retention, and deletion terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrases are extremely generic (for example, 'export 1080p MP4' and 'edit my raw video footage') and can overlap with normal user requests outside this skill's intended scope. In an agent environment with multiple installed skills, broad triggers can cause unintended routing, leading users to send media or instructions to this third-party backend when they did not explicitly choose it.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The routing table includes a catch-all rule that sends 'Everything else' to the SSE editing action, which is overly broad and could capture unrelated user prompts. Because this skill can upload/process user media and send prompts to a remote service, ambiguous routing increases the risk of unintended data disclosure and unauthorized backend actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explains that it uses a cloud rendering pipeline, but it does not present a clear upfront user warning that uploaded video files and editing instructions are transmitted to an external backend. Since videos may contain sensitive personal, corporate, or copyrighted content, lack of explicit disclosure can cause users to unknowingly share sensitive data with a third party.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal