Filtrix Video Gen

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it sends user-provided prompts or images to Filtrix to generate and download videos, with the main risk being trust in that external service.

Install only if you trust Filtrix and the publisher with your prompts, selected input images, generated-video metadata, API key use, and account credits. Avoid sending sensitive or regulated media unless approved for that service, prefer a scoped or revocable API key if available, and set FILTRIX_MCP_API_KEY explicitly rather than relying on a generic MCP_API_KEY environment variable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
95% confidence
Finding
The skill instructs users to send prompts, images, and request metadata to a third-party Filtrix MCP endpoint but does not provide a clear privacy or data-transmission warning. Users may unknowingly submit sensitive text or media to an external service, which is especially risky for enterprise, regulated, or personal content workflows.

Missing User Warnings

Medium
94% confidence
Finding
The documentation explicitly directs use of a remote MCP endpoint for video generation and status polling, which necessarily sends user prompts and often image inputs off-platform to a third-party service. Because there is no accompanying notice about external transmission, retention, or privacy implications, users and integrators may unknowingly disclose sensitive images or confidential prompt content to the remote provider.

VirusTotal

66/66 vendors flagged this skill as clean.
