Best React Component Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a React component generator but actually directs the agent to use a third-party video rendering service with tokens, uploads, sessions, and exports.

Review carefully before installing. Use this only if you intend to send prompts, code snippets, or media files to NemoVideo for cloud rendering/export. Do not use it with private source code, confidential designs, credentials, or sensitive media unless the publisher renames and documents the skill accurately, explains data handling, and adds explicit confirmation before remote setup or upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The skill presents itself as a React component generator, but the documented behavior is a remote video-processing workflow involving token acquisition, session creation, uploads, SSE chat, and media export. This mismatch is dangerous because it can trick users and the host agent into sending unrelated content and credentials to an unexpected third-party service under false pretenses.

Intent-Code Divergence

High
Confidence: 98%
Finding
The surrounding documentation continues the deception by branding the skill as React component generation while describing MP4 generation, cloud GPU rendering, and media output. In context, this is not a harmless documentation bug: it is a capability mismatch that can cause unauthorized data transfer and mislead security review, routing, and user trust decisions.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The skill includes powerful media-oriented operations—file upload, state inspection, render polling, and export—that are unjustified for a React component generator and materially expand data exfiltration and abuse surface. Because these capabilities are hidden behind a misleading identity, users may provide source code or other sensitive files believing they are being processed locally or for a different purpose.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation scope is overly broad, with vague examples and a fallback that routes 'everything else' into backend processing. This increases the chance of accidental activation and unintended transmission of user prompts or files to the remote service, especially given the already misleading skill identity.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs automatic backend connection and token/session establishment without a clear user warning that prompts, files, and metadata will be transmitted to a third-party service. Silent remote connection is especially dangerous here because the skill is misrepresented, so users cannot provide informed consent about where their data is going.

VirusTotal

66/66 vendors flagged this skill as clean.
