neo-ai

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Neodomain cloud image and video generation skill, but it handles access tokens, contact information, prompts, and media uploads that users should treat as sensitive.

Install it only if you trust the Neodomain service and publisher. Do not paste generated access tokens, login codes, terminal output, or personal contact details into shared chats or logs. Avoid storing the token in shell profile files that are synced or backed up. Upload only prompts, images, videos, audio, or storyboard files you are comfortable sending to Neodomain and to the OSS-backed storage it uses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill clearly uses sensitive capabilities—environment secrets, network access, and file writes—but does not declare permissions. That weakens platform review and user transparency, making it easier for the skill to access tokens, send data to external services, and write outputs without explicit disclosure. In this context the risk is elevated because the skill also performs authentication and media/file handling.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The skill description says it generates AI images/videos, but the body also covers user login, identity selection, model enumeration, OSS uploads, and storyboard QA/report generation. This mismatch can mislead users and reviewers about the full data flows and operational reach of the skill, especially where personal contact data, tokens, and arbitrary local files may be transmitted to third-party services.

Description-Behavior Mismatch
Severity: Medium
Confidence: 93%
Finding: The file implements full authentication flows, including sending login codes, logging in, selecting identities, and retrieving bearer tokens, which exceeds the skill's declared image/video generation scope. In an agent-skill context, adding account-auth and token acquisition materially increases trust and abuse risk because the skill can facilitate credential/token collection and account access rather than only media generation.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The guide instructs users to persist an access token in shell startup files such as ~/.zshrc or ~/.bashrc, which increases the chance of long-term credential exposure through backups, dotfile syncing, shared accounts, shell history mistakes, or accidental disclosure. While common in developer docs, presenting this as the permanent setup path without warning or safer alternatives is insecure credential-handling guidance.
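The following is an added example, not code from the skill or from the scan report, showing the two checks a practitioner would want here: a scan that flags hard-coded secrets exported from an rc file, and a token loader that takes the value from the current session or from a private (mode 0600) file and refuses a group- or world-readable one. The variable name NEO_ACCESS_TOKEN, the sample rc contents, and the file layout are assumptions; the page does not name them.

```python
"""Added example (not part of the skill or the scan report): keep the access
token out of shell startup files. It flags exports of long secret-looking
values in an rc file and loads the token from the current session or from a
private (mode 0600) file instead. NEO_ACCESS_TOKEN and the file layout are
assumptions; the page does not name them."""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Iterable, List, Optional, Tuple

# Assumed name; the skill's real variable is not given on the page.
TOKEN_VAR = "NEO_ACCESS_TOKEN"

# `export NAME=value` or `NAME="value"`; the value group stops at a quote or space.
_EXPORT_RE = re.compile(
    r'^\s*(?:export\s+)?(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*["\']?(?P<value>[^"\'\s]+)'
)

# Constructed sample rc file contents, not a real dotfile.
SAMPLE_RC = """\
# sample ~/.zshrc
export PATH="$HOME/bin:$PATH"
export EDITOR=vim
export NEO_ACCESS_TOKEN="eyJhbGciOiJIUzI1NiJ9.constructed.sample-token-value"
export OTHER_SECRET=$(cat ~/.secret)
"""


def find_token_exports(rc_text: str, names: Iterable[str] = (TOKEN_VAR,),
                       min_len: int = 16) -> List[Tuple[int, str]]:
    """Return (line_no, var_name) for lines that hard-code a secret-looking value.

    A line counts when its variable is one of `names` or ends in TOKEN/SECRET/KEY,
    its literal value is at least `min_len` characters, and the value is not a
    shell expansion such as $(cat ...), which keeps the secret out of the file.
    """
    wanted = set(names)
    hits: List[Tuple[int, str]] = []
    for line_no, line in enumerate(rc_text.splitlines(), start=1):
        m = _EXPORT_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        secret_name = name in wanted or re.search(r"(TOKEN|SECRET|KEY)$", name) is not None
        if secret_name and len(value) >= min_len and not value.startswith("$"):
            hits.append((line_no, name))
    return hits


def load_token(token_file, env: Optional[dict] = None) -> Optional[str]:
    """Prefer a token exported for this session only; otherwise read a private file.

    Fails closed: returns None when the file is missing, empty, or readable by
    group/other, so a world-readable token file never silently works.
    """
    env = os.environ if env is None else env
    if env.get(TOKEN_VAR):
        return env[TOKEN_VAR]
    path = Path(token_file)
    if not path.is_file():
        return None
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return None
    return path.read_text().strip() or None


def demo_private_vs_shared_file() -> Tuple[Optional[str], Optional[str]]:
    """Write the same constructed token to a 0600 file and a 0644 file; only the first loads."""
    with tempfile.TemporaryDirectory() as d:
        private, shared = Path(d, "token.private"), Path(d, "token.shared")
        for p in (private, shared):
            p.write_text("constructed-sample-token\n")
        private.chmod(0o600)
        shared.chmod(0o644)
        return load_token(private, env={}), load_token(shared, env={})


if __name__ == "__main__":
    for line_no, name in find_token_exports(SAMPLE_RC):
        print(f"rc line {line_no}: {name} holds a hard-coded secret; move it out of the file")
    print(demo_private_vs_shared_file())
```

The permission check is mode-based rather than access-based on purpose: a token file that happens to be unreadable to others today but carries 0644 will become readable the moment it is copied or synced, which is exactly the exposure path the finding describes.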

Missing User Warnings
Severity: Medium
Confidence: 85%
Finding: The login flow asks for a phone number and returns an access token but provides no privacy notice, no guidance on protecting the token, and no warning against sharing or logging sensitive values. In a skill that interacts with a remote API, this makes accidental credential leakage and mishandling of personal data more likely, especially for less experienced users following copy-paste instructions.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The authentication flow instructs collecting a phone number or email and sending it to the Neodomain service, but the skill description does not clearly warn users that personal contact data will be transmitted. That creates a privacy and consent issue, because users may invoke a media-generation skill without realizing it can request and process their personal identifiers for login.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding: The script prints the access token, user ID, nickname, email, mobile number, and enterprise information directly to stdout. Tokens and PII written to console output can be captured by shell history, logs, terminal recording, CI systems, or other tooling, enabling account compromise and unnecessary data exposure.
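As an added example, not code from the skill or the scan report, this is the masking step a login script should apply before anything reaches stdout or a log: tokens are reduced to their length and last four characters, emails and phone numbers are partially hidden, nested objects such as the enterprise record are handled recursively, and a separate scrubber catches `Bearer <token>` strings that leak into free text. The response shape is constructed from the fields the finding lists; the real Neodomain payload is not shown on the page.

```python
"""Added example (not part of the skill or the scan report): mask tokens and
contact details before anything is written to stdout or a log. The response
shape is constructed from the fields the finding lists; the real Neodomain
payload is not shown on the page."""
import json
import re
from typing import Any, Dict

# Constructed login response; every value is fake.
SAMPLE_LOGIN_RESPONSE: Dict[str, Any] = {
    "access_token": "eyJhbGciOiJIUzI1NiJ9.constructed.sample",
    "user_id": 1042,
    "nickname": "alice",
    "email": "alice@example.com",
    "mobile": "+86 138 0013 8000",
    "enterprise": {"name": "Example Co", "contact_email": "ops@example.com"},
}

# Bearer tokens that leak into free text (terminal output, exception messages).
_BEARER_RE = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/=-]+")


def mask_token(token: str, keep: int = 4) -> str:
    """Hide the token but keep its length and last `keep` chars so tokens stay distinguishable."""
    if len(token) <= keep:
        return "*" * len(token)
    return f"<redacted:{len(token)} chars, ends {token[-keep:]}>"


def mask_email(email: str) -> str:
    """Keep the first character and the domain: alice@example.com -> a***@example.com."""
    local, sep, domain = email.partition("@")
    if not sep:
        return "***"
    return f"{local[:1]}***@{domain}"


def mask_phone(number: str) -> str:
    """Keep only the last four digits, dropping country code and formatting."""
    digits = re.sub(r"\D", "", number)
    return "***" + digits[-4:] if len(digits) > 4 else "***"


def _classify(key: str) -> str:
    """Decide how a field is masked from its name alone; unknown names pass through."""
    k = key.lower()
    if any(w in k for w in ("token", "secret", "password")):
        return "token"
    if "email" in k:
        return "email"
    if "mobile" in k or "phone" in k:
        return "phone"
    return "plain"


def redact(record: Any) -> Any:
    """Return a copy of `record` with tokens and contact fields masked, recursing into dicts and lists.

    user_id and nickname pass through unchanged; tighten _classify if your policy treats them as PII.
    """
    if isinstance(record, dict):
        out: Dict[str, Any] = {}
        for key, value in record.items():
            kind = _classify(key)
            if kind == "token" and isinstance(value, str):
                out[key] = mask_token(value)
            elif kind == "email" and isinstance(value, str):
                out[key] = mask_email(value)
            elif kind == "phone" and isinstance(value, str):
                out[key] = mask_phone(value)
            else:
                out[key] = redact(value)
        return out
    if isinstance(record, list):
        return [redact(v) for v in record]
    return record


def scrub_text(text: str) -> str:
    """Replace any `Bearer <token>` occurrence in free text with a placeholder."""
    return _BEARER_RE.sub("Bearer <redacted>", text)


def print_login_summary(response: Dict[str, Any]) -> str:
    """What the CLI should print instead of the raw response; returns the text it printed."""
    text = json.dumps(redact(response), indent=2, ensure_ascii=False)
    print(text)
    return text


if __name__ == "__main__":
    print_login_summary(SAMPLE_LOGIN_RESPONSE)
    print(scrub_text("curl -H 'Authorization: Bearer abc.def-ghi' https://example.invalid/v1/me"))
```

Keep the raw token in memory (or hand it to `load_token`-style storage) and print only the masked view; the last-four-characters tail is enough for a user to tell which token they are holding without exposing anything usable.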

VirusTotal

64/64 vendors flagged this skill as clean.
