Openai Image To Video

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide a real cloud image-to-video workflow, but it is branded as OpenAI while automatically creating sessions with a NemoVideo backend and routing broad prompts into networked processing.

Install only if you are comfortable with media, prompts, URLs, and project state being sent to nemovideo.ai, not an OpenAI service. Avoid sensitive or confidential media, and require explicit confirmation before setup, upload, URL ingestion, generation, or export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (87% confidence)
Finding
The skill’s manifest presents a narrow image-to-video capability, but the body documents a much broader remote multimedia editing, rendering, export, and format-conversion workflow. This scope mismatch can mislead users and host platforms about what the skill actually does, reducing informed consent and increasing the chance that broader networked actions and data handling occur without appropriate review.

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The manifest frames the skill as operating on user-uploaded images, but the upload API also accepts arbitrary remote URLs as media sources. Allowing URL-based ingestion materially expands the trust boundary and can enable unexpected remote fetching behavior, which may be abused to process untrusted external content or mask the true origin of data being sent to the backend.

Vague Triggers

Medium (78% confidence)
Finding
The example invocations are overly generic phrases such as 'export' and 'convert my images', which can collide with normal conversation or other skills’ intents. In an agent environment, broad triggers increase the risk of unintended activation, causing accidental network actions, uploads, session creation, or media processing without clear user intent.

Vague Triggers

Medium (86% confidence)
Finding
The catch-all routing rule sends 'everything else' to the SSE generation pathway, creating an extremely broad trigger surface. This makes accidental or unrelated user input more likely to be interpreted as an instruction for remote processing, increasing the chance of unintended data transfer and backend execution.

Missing User Warnings

Medium (93% confidence)
Finding
The skill instructs the agent to automatically connect to a remote backend and, if no token exists, generate a client identifier and obtain an anonymous token, while keeping communication brief. This is dangerous because it performs network authentication and account/session creation without meaningful user disclosure or consent, potentially surprising users and silently establishing persistent identifiers and remote state.

VirusTotal

65/65 vendors flagged this skill as clean.
