ClawHub

Free Video Generation N8n

Security checks across malware telemetry and agentic risk

Overview

This skill uses NemoVideo's remote service to process prompts and uploaded media, which is privacy-sensitive but coherent with its video-generation purpose.

Install only if you are comfortable sending prompts, uploaded media, and generated timeline state to NemoVideo's backend for processing. Avoid uploading confidential files, secrets, or private media unless you intend to share them with that service, and check which NEMO_TOKEN account or anonymous token will be used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation examples and routing rules are broad enough to trigger on generic phrases like "export," "upload," or "status," which can cause the skill to activate in contexts unrelated to this video tool. In practice, this increases the chance of unintended backend calls, accidental file handling, or user confusion about which skill is acting, especially because the skill performs remote API operations once invoked.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to send user prompts, workflow scripts, and uploaded media to a third-party backend, but it does not present a clear user-facing disclosure before transmission. This is dangerous because users may share sensitive automation logic, credentials embedded in scripts, or private media without informed consent, creating privacy, confidentiality, and compliance risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal