Ai Image To Video Luma

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because a narrow image-to-video skill can automatically connect to a third-party backend and route broad media-editing requests there.

Review before installing. Use this only if you are comfortable sending selected images, other media files, prompts, session state, and render metadata to the NemoVideo/Luma-style backend. Avoid sensitive or confidential assets, protect any NEMO_TOKEN you configure, and ask the agent to confirm before connecting, uploading, exporting, or spending credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The public description presents a narrow still-image-to-video generator, but the instructions expose a much broader multimedia editing and export surface including timeline state, audio, text, generic video upload, and rendering APIs. This scope mismatch can cause the agent to invoke capabilities users did not reasonably expect, increasing the risk of unauthorized processing of additional media or broader backend interaction.

Vague Triggers

Medium (91% confidence)
Finding
Routing 'Everything else' to the SSE generation path is overly broad and can cause ambiguous or unrelated user input to trigger backend actions. In practice, this raises the chance of unintended requests, excessive data transmission, or misuse of the generic editing interface beyond the stated purpose.

Missing User Warnings

Medium (84% confidence)
Finding
The skill instructs use of environment tokens and anonymous token acquisition for outbound API calls without clearly informing users that credentials and content will be transmitted to a third-party backend. This weakens informed consent and increases the risk of mishandling secrets or sending sensitive media under opaque authentication behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
