ClawHub

Idea2video

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed dLazy video-generation wrapper, but it needs review because it mixes a canvas planning workflow with direct terminal command execution using API credentials.

Install only if you intend to use dLazy and are comfortable with prompts and selected local media being sent to dLazy services. Review each proposed dlazy command before allowing it, avoid passing private files, consider using npx or DLAZY_API_KEY instead of a persistent global setup, and prefer waiting for the publisher to resolve the contradictory canvas-versus-terminal workflow if you need stricter control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence
94% confidence
Finding
The skill’s final 'critical execution instructions' tell the agent it can execute terminal commands and must run `dlazy` generation commands step-by-step, which conflicts with the earlier canvas-only workflow and broadens the skill from planning into direct command execution. In a security-sensitive agent environment, contradictory execution guidance can cause the agent to perform unintended external actions, including networked API calls and media uploads, without the tighter confirmation and tool-bound controls expected by the declared workflow.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill’s main body defines a plan-only workflow that should expand templates into canvas shapes and call drawToCanvas, but the later 'critical execution instructions' override that by telling the agent to execute terminal commands against an external CLI and return generated asset URLs. This creates a confused-deputy risk: an agent following the skill may perform real command execution, networked API calls, and media uploads outside the expected planning scope, increasing the chance of unsafe actions, data exposure, or unreviewed side effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal