Video Generator

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill is plausible, but it makes a local development preview publicly reachable and performs external scraping by default without clear user confirmation.

Review before installing. Use this only for non-sensitive video projects unless you intentionally want a public preview URL. Ask the agent to confirm before using Firecrawl, downloading remote assets, or starting a Cloudflare tunnel; avoid private URLs or confidential project content; use limited API keys; and stop the tunnel and dev server when preview is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
The skill is presented as a Remotion video-generation workflow, but it also instructs the agent to scrape third-party websites and retrieve remote assets. That expands the capability and trust boundary beyond the declared purpose, creating undisclosed network access and data-ingestion behavior that could surprise users or be misused to fetch untrusted content.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding:
The documented workflow exposes a local Remotion Studio instance to the public through a Cloudflare tunnel even though the skill is described as video generation. Public tunnel exposure materially changes the risk profile by making a local development service internet-reachable, which can enable unauthorized access, data leakage, or abuse of an unauthenticated dev server.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding:
The tunnel management section normalizes publicly exposing port 3000 without clearly tying that exposure to a necessary, security-reviewed product requirement. In context, this is dangerous because Remotion Studio is a development server, and publishing it can expose source content, project state, or interactive controls to anyone who obtains the public URL.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs the agent to expose a local service publicly without any user-facing warning that the development server will become reachable from the internet. Lack of disclosure is dangerous because users may not understand they are publishing local project content and potentially an interactive dev endpoint to a third-party tunnel URL.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill makes website scraping mandatory for product-related videos but does not warn users that external requests will be sent and remote data will be collected and incorporated into the project. This creates privacy, compliance, and supply-chain risk, especially if the scraped content or returned URLs are untrusted or unexpected.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The quick-start path includes public exposure of the dev server as a normal step, again without a safety warning. Because quick-start sections are likely to be copied verbatim, this increases the chance of accidental internet exposure of a local development environment without informed consent.

Missing User Warnings

Low
Confidence: 82%
Finding:
The asset download instructions fetch remote files directly into the local project without warning about trust, provenance, or validation. While downloading logos and screenshots is common for this use case, silently importing remote content can introduce malicious or unexpected files, licensing issues, or poisoned assets into the workspace.

VirusTotal

66/66 vendors flagged this skill as clean.
