ClawHub

Image To Video Hunyuan

Security checks across malware telemetry and agentic risk

Overview

This instruction-only video skill appears purpose-related, but it gives a remote cloud backend broad default handling for ambiguous prompts and user media.

Review before installing. Use this only for images and prompts you are comfortable sending to nemovideo.ai, and prefer a limited or disposable NEMO_TOKEN. Ask the publisher to narrow the catch-all SSE routing or require clarification before sending ambiguous prompts to the backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill documentation materially expands scope from simple image-to-video generation into broader video-editing functions such as text overlays, audio tracks, timeline composition, export orchestration, and stateful editing. This is dangerous because users and host systems may grant the skill broader authority than implied by its name and description, increasing the chance of unintended actions, excessive data sharing, or misuse of editing/export capabilities through a misleadingly narrow trust boundary.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documented support for audio-track management and general timeline composition exceeds the stated purpose of animating a single still image into a clip. This mismatch is risky because it enables broader media manipulation and export behavior than users would reasonably expect, which can lead to over-permissioning, unexpected cloud processing, and abuse of the skill as a general editing surface.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance includes broad phrases like 'tell me what you're thinking,' which can match ordinary conversation rather than a clear request to use this skill. Overbroad triggers are dangerous because they can cause accidental activation, leading users to unknowingly send prompts or media-processing requests to a third-party backend.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The routing table uses a catch-all rule that sends 'everything else' to the SSE chat backend, effectively making the skill activate on undefined requests. This is dangerous because ambiguous or unrelated user input may be forwarded to a remote service, causing unintended data disclosure, hidden capability expansion, and execution of backend-driven editing workflows outside the user's informed intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends uploaded media, prompts, and session data to a third-party cloud service, but the user-facing description does not clearly disclose this external processing. This is dangerous because users may share sensitive images or text without informed consent, and the omission obscures material privacy and data-handling implications of using the skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal