Ai Dance Video

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-generation skill, but users should treat uploaded photos, videos, URLs, and prompts as being sent to Nemovideo’s servers.

Install only if you are comfortable sending selected photos, videos, audio, URLs, prompts, and related session data to Nemovideo’s cloud service. Avoid using sensitive personal media unless you trust the provider’s privacy and retention practices, and keep NEMO_TOKEN private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The manifest markets a narrow portrait-to-dance feature, but the body documents a much broader remote media editing, upload, rendering, and conversion capability. This mismatch can mislead users and host systems about the true scope of data handling and actions the skill may perform, increasing the chance of overbroad invocation and unintended remote processing.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
Allowing generic remote URL ingestion is broader than the stated use case and introduces server-side fetching behavior that can be abused to import arbitrary third-party content without clear user understanding. Even if the fetch occurs on the vendor backend, this expands the trust boundary, creates privacy and content-safety risks, and may enable misuse of the skill as a general URL-to-media ingestion proxy.

Vague Triggers

Medium
Confidence: 93%
Finding
The invocation examples are extremely generic, including phrases like 'generate my images or video' and partial natural language triggers, which can cause the skill to activate during ordinary conversation. Overbroad activation is dangerous here because the skill can automatically connect to a remote backend, create sessions, and potentially route user media or prompts off-platform without sufficiently deliberate intent.

Vague Triggers

Medium
Confidence: 96%
Finding
Using 'Everything else' as a catch-all route to SSE means nearly any unmatched prompt may be forwarded to a remote backend for processing. In this skill context, that is especially risky because SSE is the main state-changing path, so unrelated or sensitive user text could be sent externally or cause unintended edits/actions without explicit user intent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The description emphasizes convenience and server-side rendering but does not give a clear upfront privacy warning that uploaded media and prompts are transmitted to a third-party backend. Because this skill handles personal photos and videos, the omission meaningfully weakens informed consent and may expose sensitive biometric or personal content to external processing unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.
