magic-image-to-video

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: it sends a user-provided prompt and image to MagicLight to create a video, but users should treat that input as leaving their machine.

Install only if you trust MagicLight and are comfortable sending the selected prompt and image to that service. Avoid sensitive prompts, private/internal URLs, and non-image local files; use a scoped or dedicated MAGIC_API_KEY where possible, and expect task creation to use service quota or credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'req' from os.environ.get (line 124, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
put_url = image_put_url_resp.get("data", {}).get("put_url")
# put_url is a temporary upload address; the image must be uploaded to put_url
req = urllib.request.Request(put_url, data=image_content, method="PUT")
with urllib.request.urlopen(req, context=_get_ssl_context()) as resp:
    status = resp.getcode()
    if status != 200:
        raise Exception(f"Failed to upload image to put_url, status: {status}")
Confidence
91% confidence
Finding
with urllib.request.urlopen(req, context=_get_ssl_context()) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill uses environment secrets and makes outbound network requests to a remote service, but it does not declare explicit permissions. That weakens transparency and policy enforcement, making it easier for an agent or user to invoke a capability that exfiltrates prompts, image URLs, local file paths, and API-backed requests without clear permission boundaries.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly supports sending user text, image URLs, and even local file paths to a remote video service, but the description does not clearly warn users that this data leaves the local environment. This can cause unintentional disclosure of sensitive prompts, internal URLs, filesystem structure, or private local assets to a third party.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When a local path is supplied, the file is read and uploaded to a remote service, but the command interface does not clearly warn the user that local content leaves the machine. In an agent-skill context, this matters because callers may treat a local file path as local-only processing and unintentionally expose sensitive images.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill transmits user prompt text and image URLs to an external API, but the interface does not make that external disclosure explicit. In an agent environment, prompts and URLs may contain sensitive business or personal data, so silent transmission to a third party increases privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
