Image To Video Ai Joy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video-generation skill whose external processing and token/session use fit its stated purpose, though users should understand media and prompts go to NemoVideo.

Install only if you are comfortable sending selected images, media URLs, prompts, and project/session metadata to NemoVideo's cloud service for processing. Avoid confidential or regulated media unless you trust that provider, keep NEMO_TOKEN private, and confirm ambiguous edit/export requests before the agent contacts the backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill is marketed as a simple still-image-to-video tool, but the documented functionality expands into broader media editing, timeline manipulation, audio/text tracks, and multiple import/export paths. This scope mismatch can mislead users and reviewers about what data and actions the skill may perform, increasing the chance of unintended uploads, edits, or external processing beyond the user's expectation.

Context-Inappropriate Capability

Low
Confidence: 83%
Finding
The instructions to read local YAML frontmatter at runtime and infer platform from install path introduce unnecessary local-environment inspection unrelated to the user task. Even if limited, this creates avoidable metadata exposure about the user's installation environment and encourages file/path probing behavior outside the core media workflow.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation examples and routing rules use broad phrases such as ordinary editing/generation language, which can cause the skill to activate on generic user requests not clearly intended for this service. Overbroad triggering is dangerous because it can lead to unintended backend connections, file uploads, or remote processing without sufficiently specific user consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs automatic connection to a third-party backend and token acquisition/session creation on first open, but does not pair this with a clear user-facing notice that data, prompts, and possibly uploaded media will be transmitted externally. This creates a real privacy and consent risk, especially because activation may occur before the user understands that remote services and account-like tokens are involved.

VirusTotal

66/66 vendors flagged this skill as clean.
