Ai Image To Video Hug

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-generation skill that sends user-selected media to NemoVideo, with no local executable installer or hidden persistence found.

Install only if you are comfortable sending the media you choose, related prompts, and generated project state to NemoVideo for cloud processing. Avoid sensitive personal images unless you have reviewed the provider's privacy and retention practices, and use a dedicated NEMO_TOKEN where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as a narrowly scoped hug-photo animation tool, but the embedded documentation exposes a broader remote media-editing and export pipeline with generalized session, upload, state, and render capabilities. This scope expansion can cause the agent to perform actions the user did not reasonably expect, increasing the risk of unintended remote processing, broader data handling, and abuse of the linked backend beyond the declared purpose.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill includes account-adjacent functionality such as credits queries, anonymous token acquisition, and generalized project/session management that are not necessary for a simple image-to-hug-video workflow. These extra capabilities widen the privilege and data-access surface, making it easier for the skill to initiate backend interactions, inspect account state, or manage sessions in ways users may not anticipate.

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation text is overly broad: it allows activation from generic phrases, such as a description of a desired result, rather than from a clear, scoped intent to animate a hug photo. Ambiguous triggering can cause the skill to intercept unrelated user requests and route user content to the remote backend without sufficiently specific consent.

Vague Triggers

Medium
Confidence: 95%
Finding
The catch-all rule routing 'Everything else' to the SSE backend creates an almost unrestricted activation path. In practice, this can send arbitrary user prompts to a remote service, increasing the chance of unintended data disclosure, unexpected actions, and misuse of the external processing pipeline.

Missing User Warnings

Medium
Confidence: 89%
Finding
Although the skill later mentions server-side rendering, the primary description and workflow do not clearly warn users up front that uploaded images and prompts are sent to a third-party cloud service. Because the skill handles personal photos, this missing disclosure materially increases privacy risk and undermines informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
