Text To Best

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do legitimate cloud video-generation work, but its documented remote setup, uploads, session access, and broad trigger language are not clearly scoped enough for the data it may handle.

Review this skill before installing. Only use it if you are comfortable sending prompts, files, and video project state to the named cloud provider, and avoid giving it sensitive documents unless the provider terms and retention behavior are acceptable. Prefer explicit commands and confirmations before uploads, exports, session retrieval, or timeline edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (87% confidence)
Finding
The skill is presented as a text-to-video tool for text documents, but its documented API surface supports broader file upload and media export workflows. This mismatch can mislead users and reviewers about what data types may be transmitted or processed, increasing the risk of unexpected handling of non-text content and broader remote data exposure.

Description-Behavior Mismatch

Low (79% confidence)
Finding
The high-level description suggests simple prompt-to-video generation, while the body documents session inspection, draft retrieval, and iterative timeline manipulation. This creates a transparency and consent problem because the skill has materially more powerful state access than users would reasonably infer from the summary.

Vague Triggers

Medium (84% confidence)
Finding
The invocation examples and routing rules are broad enough that ordinary phrases like 'export', 'status', or generic upload behavior may trigger the skill unintentionally. Unintended activation is risky here because the skill performs network actions, session creation, and remote processing that could expose user data without clear intent.

Missing User Warnings

Medium (93% confidence)
Finding
The skill instructs the agent to automatically obtain tokens and connect to a remote API on first interaction, but does not prominently warn users that their prompts and uploaded files will be sent to third-party servers for processing. Automatic remote setup without informed consent is especially dangerous for a skill handling potentially sensitive documents.

VirusTotal

66/66 vendors flagged this skill as clean.
