Ai Image To Video Online

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine cloud image-to-video skill, but it sends user media and prompts to a remote backend through broad automatic routing, with too little user-facing control over what is sent and when.

Review before installing. Use it only if you are comfortable sending selected images, prompts, URLs, and render/session metadata to NemoVideo cloud services. Avoid sensitive or regulated media, protect any NEMO_TOKEN, and require explicit confirmation before uploads, generation, exports, or ambiguous edit requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The skill is presented as a simple image-to-video converter, but the documented capabilities extend into general media editing, state inspection, exports, audio/text track handling, and GUI-like action translation. This scope expansion increases the chance that unrelated user prompts get routed into powerful backend actions the user did not reasonably expect, which is a real security and trust-boundary issue even if not clearly malicious.

Context-Inappropriate Capability

Severity: Low
Confidence: 80%
Finding
The skill instructs the agent to silently obtain and use an environment token or acquire an anonymous token from a remote service, which establishes authenticated backend access beyond a purely local file transformation flow. While this may support the product design, it is still a security-relevant behavior because it enables remote account/session actions and should be clearly bounded and disclosed.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
Routing 'Everything else' to the SSE action creates an overly broad catch-all path that can send arbitrary user input to a powerful remote backend with editing and execution-like translation semantics. In this skill's context, that broad fallback is especially risky because the backend can drive stateful operations, uploads, edits, and exports, making prompt confusion or abuse more likely.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The setup and workflow send user images, prompts, and session data to a cloud backend, but the skill does not provide a clear upfront privacy notice at the point of use. This omission is materially risky because users may upload sensitive images or personal content without understanding that it will be processed remotely on third-party infrastructure.
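The three behavioural findings above (silent token acquisition, the 'Everything else' catch-all, and the absence of a privacy notice before uploads) share one fix: route only on explicit triggers, send anything unmatched or ambiguous back to the user, and gate every off-host action behind a per-request confirmation that shows the notice first. The guard below is an added example written for this report; it is not code from the skill, from NemoVideo, or from SkillSpector. The action names, trigger phrases, notice text and the way NEMO_TOKEN is consulted are all assumptions chosen to illustrate the findings, not the skill's real interface.

```python
"""Routing guard for an agent skill that calls a remote media backend.

Added illustration for the scan findings above. It is not the skill's code.
Action names, trigger phrases, the notice text and the NEMO_TOKEN handling
are assumptions used to show the pattern.
"""
from dataclasses import dataclass
import re
from typing import Mapping, Optional

# Actions that leave the host or change remote state. Each needs an explicit
# per-request confirmation, so a stray prompt alone can never trigger them.
SENSITIVE_ACTIONS = frozenset({"upload", "generate", "export"})

# Explicit triggers only. There is deliberately no "everything else" entry:
# an unmatched or doubly-matched prompt goes back to the user, not to the API.
TRIGGERS = {
    "upload":   re.compile(r"\b(upload|send|attach)\b.*\b(image|photo|picture)s?\b", re.I),
    "generate": re.compile(r"\b(make|generate|create|animate)\b.*\bvideo\b", re.I),
    "export":   re.compile(r"\b(export|download)\b.*\b(video|render|mp4)\b", re.I),
    "status":   re.compile(r"\b(status|progress)\b.*\b(job|render)\b", re.I),
}

# Shown before the user approves any sensitive action (assumed wording).
PRIVACY_NOTICE = (
    "This action sends the selected media, your prompt and session metadata "
    "to a remote cloud service. Do not use it for sensitive or regulated media."
)


@dataclass(frozen=True)
class Decision:
    action: str                 # matched action, or "clarify"
    allowed: bool               # True only when the backend call may proceed now
    needs_confirmation: bool    # True when the user must approve this request first
    notice: Optional[str]       # privacy notice to display before asking for approval


def classify(prompt: str) -> str:
    """Map a prompt to exactly one explicit action; anything else is 'clarify'."""
    matched = [name for name, rx in TRIGGERS.items() if rx.search(prompt)]
    return matched[0] if len(matched) == 1 else "clarify"


def route(prompt: str, confirmed: bool = False) -> Decision:
    """Decide whether a prompt may reach the backend.

    `confirmed` is the user's explicit yes for THIS request only; it is not
    remembered, so approving one upload cannot silently cover a later export.
    """
    action = classify(prompt)
    if action == "clarify":
        # No catch-all: ask the user what they meant instead of guessing.
        return Decision("clarify", False, False, None)
    if action in SENSITIVE_ACTIONS and not confirmed:
        return Decision(action, False, True, PRIVACY_NOTICE)
    return Decision(action, True, False, None)


def resolve_credential(env: Mapping[str, str], confirmed: bool) -> tuple[str, Optional[str]]:
    """Select a backend credential only after a sensitive action was confirmed.

    Returns (source, token). An anonymous session is never minted silently:
    when no NEMO_TOKEN is set the caller receives 'anonymous-needs-disclosure'
    and must tell the user before creating one.
    """
    if not confirmed:
        return ("none", None)
    token = env.get("NEMO_TOKEN")
    if token:
        return ("env", token)
    return ("anonymous-needs-disclosure", None)


if __name__ == "__main__":
    # Constructed sample prompts; none of them is taken from the skill.
    for p in ["animate this photo into a video",
              "generate a video and export the mp4",
              "rename the audio track",
              "what is the status of my render job"]:
        print(f"{p!r:50} -> {route(p)}")
```

The important property is what the router does with prompts it does not understand: the skill as scanned forwards them to the backend, while this guard returns `clarify` and never reads the token, so neither an ambiguous edit request nor an injected instruction can reach the remote service without a human saying yes to a specific, described action.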

VirusTotal

66/66 vendors flagged this skill as clean.
