Ai Image Online

Security checks across malware telemetry and agentic risk

Overview

This image-to-video skill is mostly coherent, but it can automatically connect to a third-party cloud service and route broad, unmatched user text there.

Review before installing. Use this only if you are comfortable sending selected prompts, images, audio, and project state to mega-api-prod.nemovideo.ai, and avoid confidential or regulated media. Prefer explicit commands like upload, generate, status, or export, and watch for accidental activation because the skill's routing is broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The activation phrases are extremely broad and incomplete, including generic language like "export 1080p MP4" and an unfinished phrase "turn my product photo into a". This can cause the skill to activate during ordinary conversation or unrelated tasks, leading users to unintentionally send prompts, files, or follow-on actions to an external cloud backend. Because this skill uploads user content and can create remote sessions/tokens, accidental invocation is more dangerous than for a purely local skill.

Vague Triggers

Medium
Confidence: 96%
Finding
The routing table sends "Everything else" to the SSE action, effectively making the skill a catch-all for broad classes of user input. That creates a prompt-routing vulnerability where unrelated messages may be forwarded to the remote service, potentially disclosing sensitive text or triggering unintended remote operations. In this skill's context, the risk is elevated because the backend supports stateful editing, uploads, exports, and long-lived sessions tied to a token.

VirusTotal

66/66 vendors flagged this skill as clean.
