Ai Video Maker From Script

Security checks across malware telemetry and agentic risk

Overview

This skill presents itself as a script-to-video generator, but it can open a connection to a third-party cloud service on its own and route broad or unrelated content there without clear user confirmation.

Review before installing. Use this only if you are comfortable sending scripts, prompts, uploaded files, URLs, and generated project state to NemoVideo cloud services. Avoid confidential scripts, client materials, or personal data unless you have confirmed the provider's privacy and retention terms, and use a limited-purpose NEMO_TOKEN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The skill markets itself as accepting only script-oriented inputs (TXT, DOCX, PDF, SRT), but its documented upload behavior allows arbitrary local file uploads and URL-based ingestion across many unrelated formats. This broadens data exposure beyond user expectations and can cause accidental exfiltration of sensitive local files or remote fetching of untrusted content through the backend.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The trigger phrase "Or just tell me what you're thinking" is overly broad and can activate the skill on unrelated user requests, increasing the chance that non-video content is sent to the external backend. In an agent environment, vague invocation language widens data collection and can trigger actions outside the advertised purpose.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The catch-all routing rule sends "everything else" into the SSE generation path, so unrelated prompts may be forwarded to the cloud service and interpreted as editing or generation commands. This increases the risk of over-collection, unintended remote processing, and surprising agent behavior beyond the skill's stated scope.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to establish a backend connection and upload user content, but it does not provide a clear user-facing warning that scripts and prompts are sent to a third-party cloud API. This undermines informed consent and may expose sensitive unpublished scripts or proprietary documents without adequate disclosure.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The metadata indicates the skill may use local environment credentials and config paths for authentication, but users are not warned that existing local secrets or config files could be read. In an agent setting, undisclosed use of local credentials is sensitive because it crosses a trust boundary and may surprise users who expected a simple file-conversion tool; a practitioner should confirm which variables and paths are consulted before installing.
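The five findings above share one root cause: nothing stands between the trigger and the upload. The following Python is an added example, not code from the scanned skill, from NemoVideo, or from SkillSpector. It sketches a pre-upload policy gate that a hypothetical agent harness (assumed here) would call before the skill is allowed to send anything to the cloud backend: it narrows the catch-all trigger to script/video intents, enforces the advertised TXT/DOCX/PDF/SRT allowlist, refuses URL ingestion and credential-like files, requires explicit user confirmation, and reads only the dedicated NEMO_TOKEN variable rather than falling back to other local secrets. All function names, the `UploadRequest` shape and the sample inputs are constructed for the illustration.

```python
"""Pre-upload policy gate for a script-to-video skill.

Added example; not part of the scanned skill or of SkillSpector.
Assumes a hypothetical agent harness that calls gate_upload() before
the skill may transmit anything to the third-party backend.
"""
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Optional
from urllib.parse import urlparse

# Formats the skill advertises. Anything else is outside its stated purpose
# and must not be uploaded silently (finding: Description-Behavior Mismatch).
ADVERTISED_EXTENSIONS = frozenset({".txt", ".docx", ".pdf", ".srt"})

# File-name fragments that should never leave the machine, whatever the extension.
SENSITIVE_NAME_MARKERS = (".env", "id_rsa", "credentials", "secrets", ".netrc", ".pem")

# Narrow trigger vocabulary, replacing the "everything else" catch-all
# (findings: Vague Triggers). Constructed list; tune for the real skill.
VIDEO_INTENT_KEYWORDS = ("video", "script", "storyboard", "subtitle", "srt", "scene")


@dataclass
class UploadRequest:
    source: str          # local path or URL the agent wants to ingest
    user_confirmed: bool  # user explicitly approved sending this item
    intent: str          # the user request text that triggered the skill


@dataclass
class Decision:
    allowed: bool
    reason: str


def is_url(source: str) -> bool:
    parsed = urlparse(source)
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def looks_like_video_request(intent: str) -> bool:
    """Require an explicit script/video keyword instead of routing 'everything else'."""
    text = intent.lower()
    return any(keyword in text for keyword in VIDEO_INTENT_KEYWORDS)


def gate_upload(req: UploadRequest) -> Decision:
    """Decide whether one item may be sent to the cloud backend."""
    if not looks_like_video_request(req.intent):
        return Decision(False, "request is outside the skill's stated purpose; not routing to backend")
    if is_url(req.source):
        return Decision(False, "URL ingestion through the backend is not advertised behaviour")
    name = PurePosixPath(req.source).name.lower()
    if any(marker in name for marker in SENSITIVE_NAME_MARKERS):
        return Decision(False, f"refusing to upload credential-like file {name}")
    ext = PurePosixPath(name).suffix
    if ext not in ADVERTISED_EXTENSIONS:
        return Decision(False, f"{ext or 'no extension'} is not one of TXT/DOCX/PDF/SRT")
    if not req.user_confirmed:
        # Finding: Missing User Warnings. Consent must be explicit, per item.
        return Decision(False, "explicit user confirmation required before sending to third-party cloud")
    return Decision(True, "ok")


def backend_token(env: dict) -> Optional[str]:
    """Return the limited-purpose NEMO_TOKEN, or None.

    Deliberately reads exactly one variable and never scans the environment
    or config files for alternatives (finding: undisclosed credential use).
    """
    token = env.get("NEMO_TOKEN", "")
    return token or None


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        UploadRequest("/home/u/pitch.txt", True, "make a video from this script"),
        UploadRequest("/home/u/.env", True, "make a video"),
        UploadRequest("https://example.com/x.pdf", True, "turn this into a video"),
        UploadRequest("/home/u/notes.txt", True, "what is the weather today"),
        UploadRequest("/home/u/pitch.txt", False, "script to video please"),
    ]
    for sample in samples:
        print(sample.source, "->", gate_upload(sample))
    print("token:", backend_token({"NEMO_TOKEN": "limited-purpose-token"}))
```

The gate runs on the harness side, so it holds even if the skill's own instructions (or an injected prompt) try to widen the trigger or the accepted formats; the skill never sees a file or URL the gate rejected.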

VirusTotal

65/65 vendors flagged this skill as clean.
