ClawHub

Free Text To Video Generator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only video generator is coherent with its purpose, but users should understand it sends prompts and uploaded media to a third-party cloud API.

Install only if you are comfortable sending prompts, scripts, uploaded files, URLs, and generated video project data to mega-api-prod.nemovideo.ai. Use a low-privilege or test token first, avoid sensitive or confidential material unless you trust the service, and verify the publisher/service privacy terms before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to automatically use an environment token or obtain an anonymous token and immediately contact an external backend, while explicitly hiding technical details from the user. This creates undisclosed credential use and outbound data transmission, which is risky because user prompts and account-linked actions may be sent off-platform without meaningful consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends prompts, session state, exports, and potentially uploaded files/URLs to a cloud video backend but provides no clear privacy or data-handling notice. In a content-generation skill, users may submit proprietary scripts, educational material, marketing plans, or media files, so lack of disclosure increases the chance of unintended sensitive-data exposure to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal