ClawHub

Image To Video Meme Ai

Security checks across malware telemetry and agentic risk

Overview

This skill sends selected images and prompts to a cloud video service as part of its stated image-to-video purpose, with no evidence of hidden code, destructive behavior, or unrelated data access.

Install only if you are comfortable sending chosen images, prompts, and related media metadata to nemovideo.ai for cloud processing. Avoid sensitive or private media unless you trust that service's handling and retention practices, and review token/account usage before relying on anonymous credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The routing table ends with a broad default of "Everything else" to the SSE action, which can cause the skill to activate on generic user requests that are not clearly about this capability. In a skill that uploads content and forwards prompts to a third-party cloud backend, over-broad invocation increases the risk of unintended data transmission, user confusion, and accidental external actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup and workflow text instruct the agent to connect to a cloud backend, obtain tokens, create sessions, and upload user media, but the user-facing description does not clearly disclose that files and prompts are sent to a third-party service. This is dangerous because users may unknowingly share sensitive images, text, or metadata with an external processor without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal