ClawHub

Image To Video Midjourney

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video/text generation skill that uses NemoVideo APIs as described, with privacy disclosures that could be clearer but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending prompts, uploaded documents/media, and related metadata to NemoVideo’s cloud service. Avoid using it with confidential, regulated, or copyrighted material unless that service is approved for your use, and review any existing NEMO_TOKEN configuration before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The catch-all rule routes essentially every non-matched request into the SSE chat/edit path, which can cause the skill to forward arbitrary user text to the third-party backend. In this skill context, that broad dispatch increases the chance of unintended actions, prompt confusion, and data being sent off-platform without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill processes user images and prompts through a named third-party cloud service, but the user-facing description does not clearly warn that media and prompt content are transmitted externally. This is a real privacy and consent issue because users may upload sensitive or copyrighted images under the assumption that processing is local or first-party.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs use of the `NEMO_TOKEN` environment variable and a config path without clearly warning that it will access locally available credentials/configuration to authenticate to an external service. In an agent setting, silent access to environment secrets or local config is sensitive because users may not realize the skill can leverage existing tokens tied to their account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal