Pika Labs

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud video-generation skill, but it asks the agent to use external sessions, uploads, persistent identifiers, and tokenized links without enough user-visible control.

Review before installing. Use this only for prompts, images, and videos you are comfortable sending to the NemoVideo/Pika cloud backend. Treat NEMO_TOKEN and any workspace claim links like credentials, and ask the agent to confirm before uploading files, creating sessions, or opening/binding external workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill directs the agent to create and persist a client identifier under the user's home directory to obtain anonymous tokens. This introduces unnecessary local state and cross-session tracking for a video-generation skill, and can occur without meaningful user awareness or consent. Persisted identifiers can enable correlation of activity over time and expand privacy risk beyond the immediate request.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill instructs the agent to construct and surface a workspace claim link containing a token, task_id, and session_id in URL parameters. Embedding authentication or session-bearing material in a link risks leakage through logs, browser history, screenshots, referrers, or accidental sharing, potentially allowing unauthorized access to the user's workspace/session.

Missing User Warnings

Medium
Confidence: 97%
Finding
The instructions tell the agent to connect to a remote backend, upload files, create sessions, and send messages, but explicitly say to keep technical details out of the chat. That omits critical disclosure that user prompts, uploads, and session metadata are transmitted to a third-party service, undermining informed consent and increasing privacy/compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
