Janitor Ai Image To Video

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only image-to-video skill that uses a disclosed remote NemoVideo backend, with no installer or local persistence, but users should know their media and prompts leave the device.

Install only if you are comfortable sending selected images, prompts, and rendering requests to nemovideo.ai. Avoid sensitive or private media, prefer a dedicated NEMO_TOKEN, and expect the skill to create or use a remote session when you ask it to generate, edit, or export video.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
Routing virtually all unmatched requests to the SSE generation/edit action creates an over-broad execution surface where ambiguous prompts are sent to a powerful remote backend. This can cause unintended actions, surprising data transmission, and weak user intent validation, especially because uploaded content and free-form prompts are forwarded off-platform.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill instructs the agent to upload user files and prompts to a third-party backend but does not provide a clear upfront privacy warning to the user. This is dangerous because users may share sensitive images or text without informed consent, resulting in unintended external disclosure and retention by the service.

Missing User Warnings

Severity: Low
Confidence: 75%
Finding:
The skill requires access to the sensitive NEMO_TOKEN environment variable and can also mint anonymous tokens, yet it does not clearly disclose credential use to the user. While this is not direct secret exfiltration in the documented flow, hidden use of credentials against a third-party service increases trust and privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.
