HiAPI Video Prompt Generator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real HiAPI video-prompt helper, but its install and update flows can modify agent skill directories and run remotely supplied update commands without clear user confirmation.

Install only if you are comfortable with a GitHub-based installer modifying your agent's skill directory. Prefer reviewing the files or using a scoped manual install, and avoid running remotely printed update commands without checking them. Do not include secrets, private URLs, unreleased business plans, or confidential media references in prompts you later send through HiAPI render commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium (91% confidence)
Finding
The README instructs users to execute a remote GitHub package via `npx` that auto-detects agent skill directories and writes files into them, but it does not provide an explicit warning that this grants code from a remote repository local filesystem write access. Even if the current repository is benign, this installation pattern increases supply-chain risk because a compromised repo, dependency, or account could silently modify trusted agent skill paths and influence later agent behavior.

Natural-Language Policy Violations

Medium (90% confidence)
Finding
The skill explicitly prefers 'reputable English-language background coverage if needed,' which can steer the agent toward sources in a language the user did not request and may exclude more relevant primary or local-language materials. This is dangerous because it can introduce bias, reduce accuracy for non-English topics, and cause the system to override user language or sourcing expectations without consent.

Vague Triggers

Medium (86% confidence)
Finding
The default invocation text is broad and action-oriented, which can cause the skill to be triggered for common user requests about turning a brief or topic into a video prompt. Because implicit invocation is enabled, this increases the chance of accidental routing into the skill without clear user intent, potentially exposing users to unintended prompt transformation or source-grounding behavior.

Missing User Warnings

Medium (93% confidence)
Finding
This handoff reference instructs the skill to generate copy-pasteable commands that submit prompts and media reference URLs to external HiAPI services, but it does not clearly warn users that their text, links, or asset identifiers may leave the local environment. In a prompt-generation skill, users may paste sensitive briefs, internal research topics, or private media references, so the missing disclosure creates a realistic risk of unintended data exfiltration to third-party infrastructure.

Missing User Warnings

Low (91% confidence)
Finding
The guidance instructs the skill to use user-provided links and external sources, but it does not require any privacy or consent warning before fetching them. That can expose user interest patterns, transmit metadata to third-party sites, or cause the system to retrieve sensitive/internal URLs supplied by the user without an explicit boundary, which is a real security and privacy concern in a source-gathering workflow.

Missing User Warnings

Medium (95% confidence)
Finding
The installer unconditionally removes any existing destination directory before cloning, and this happens without an additional confirmation when run with `--yes` or in non-interactive mode. If the target path is misconfigured, attacker-influenced, or simply unexpected, the script can destroy existing skill contents and replace them, causing data loss or unauthorized overwrite of trusted local code.

VirusTotal

64/64 vendors flagged this skill as clean.
