Contents Generator

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill matches its stated purpose, but it automatically connects to a third-party backend and uses broad routing that could send unintended prompts or media for remote processing.

Review before installing. Use it only if you are comfortable sending prompts, uploaded media, URLs, and session metadata to mega-api-prod.nemovideo.ai. Avoid confidential footage unless you understand NemoVideo's retention and privacy terms, and prefer setting NEMO_TOKEN yourself rather than relying on automatic anonymous-token creation.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill explicitly requires access to an environment token and a local config directory, which exceeds what a simple content-generation prompt interface needs and creates unnecessary exposure of local secrets and filesystem context. Because the skill also instructs automatic backend connection and token acquisition, this increases the risk of secret misuse, unintended credential harvesting, or unauthorized transmission of locally available authentication material.

Vague Triggers

Medium (88% confidence)
Finding
The invocation phrases are so generic that ordinary conversation could trigger the skill unintentionally, causing uploads, session creation, or backend actions without clear user intent. In this skill's context, accidental activation is more dangerous because it is tied to network operations, token handling, and remote processing of user-supplied media.

Vague Triggers

Medium (93% confidence)
Finding
Routing 'Everything else' to the main SSE action creates an overly broad catch-all that can send unrelated or ambiguous user text to a remote backend. This can lead to unintended disclosure of user content, accidental remote task execution, and difficulty enforcing scope boundaries for what the skill should process.

Missing User Warnings

Medium (94% confidence)
Finding
The skill directs the agent to automatically connect to a remote backend and obtain or use tokens without first warning the user about network access, authentication, and remote processing. This undermines informed consent and can result in silent transmission of user prompts, files, identifiers, and session metadata to a third-party service.

VirusTotal

64/64 vendors flagged this skill as clean.
