Ai Video Generator From Text

Security checks across malware telemetry and agentic risk

Overview

This cloud video skill is not clearly malicious, but it needs review because it can automatically connect to NemoVideo and send broad prompts or large uploads without clear consent boundaries.

Review before installing. Use it only if you are comfortable sending prompts, documents, media files, URLs, client/session identifiers, and render state to NemoVideo. Avoid confidential material unless the user explicitly approves the third-party processing, and prefer a version that asks before connecting, creating tokens, uploading files, or sending ambiguous prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
91% confidence
Finding
The skill is marketed as a text-to-video tool, but the documented behavior expands into general media upload, editing, and rendering workflows. This scope mismatch can mislead users and host systems about what data types will be accepted and transmitted, increasing the chance of unintended data exposure or policy bypass when users provide files they would not have shared under a narrower description.

Vague Triggers

Medium
89% confidence
Finding
The example invocation phrases are broad enough to match ordinary user conversation, which can cause accidental activation of the skill. In a skill that uploads prompts/files to a third-party cloud backend and can initiate sessions automatically, overbroad triggering increases the risk of unintended data transmission and confused-deputy behavior.

Vague Triggers

Medium
95% confidence
Finding
The catch-all rule routes 'everything else' into the SSE action, meaning ambiguous or unrelated inputs may be forwarded to the remote backend. Because SSE is the main cloud-processing path, this greatly expands the chance that incidental user text, sensitive prompts, or unintended commands are sent off-device without clear user consent.

Missing User Warnings

Medium
97% confidence
Finding
The skill omits a clear warning that prompts and uploaded content are sent to a remote cloud service for processing. In a tool handling potentially sensitive documents and text, lack of disclosure undermines informed consent and can lead users to expose confidential information to a third party unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.
