Music Generator Hd

Security checks across malware telemetry and agentic risk

Overview

This is a cloud media-generation skill that clearly uses a NemoVideo backend, with privacy-relevant uploads and broad prompts but no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable sending media files, media URLs, prompts, session data, and render requests to NemoVideo cloud services. Avoid sensitive or private media unless you have reviewed the provider's privacy and retention terms, and protect or rotate NEMO_TOKEN like any other service credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding:
The skill is presented as a simple music-generation tool, but the body expands into a broader cloud video-editing and timeline-manipulation workflow. This mismatch can cause users and host agents to grant broader file and action scope than expected, increasing the chance of unintended uploads, edits, or exports to a third-party backend.

Description-Behavior Mismatch

Low
Confidence: 82%
Finding:
The manifest advertises support mainly for MP4, MOV, WAV, and MP3 up to 200MB, while the body later claims many additional media types and broader processing behaviors. This inconsistency can mislead agents and users about what content may be accepted and transmitted, causing accidental processing of files outside the expected scope.

Vague Triggers

Medium
Confidence: 92%
Finding:
Routing 'everything else' to the SSE action creates an overly broad catch-all that can send arbitrary user text to a remote backend without a precise intent match. In this skill, that is more dangerous because the SSE endpoint appears to drive stateful editing actions, so ambiguous prompts may trigger unintended remote operations on user media or session state.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The setup and workflow instruct the agent to connect to a cloud backend, create tokens and sessions, and process prompts/files remotely, but they do not clearly warn users that their content will be transmitted off-platform. Because this skill handles media files and free-form prompts, the lack of explicit disclosure meaningfully increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 86%
Finding:
The manifest declares access to an environment token and a local config path, but the skill does not clearly explain to users that it will access sensitive credentials and local configuration in order to operate. Even if the token is not exposed directly, silent credential use widens trust boundaries and can surprise users or integrators about the level of access required.

VirusTotal

64/64 vendors flagged this skill as clean.
