Free Image Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is related to image and media generation, but it automatically connects to a remote service and can send broad user input or uploads without a clear consent boundary.

Install only if you are comfortable sending prompts, files, and possibly remote URLs to NemoVideo’s backend. Avoid confidential media or private business content unless you accept the service’s token, session, upload, and export behavior. A safer version should ask before first network contact and only send clearly requested generation or edit commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium, 90% confidence
The manifest markets a simple text-to-image tool, but the body documents a much broader cloud media workflow including sessions, uploads, credits, state inspection, SSE messaging, and export rendering. This mismatch can mislead users and host platforms about the skill's actual capabilities, reducing informed consent and making risky networked behavior harder to scrutinize.

Description-Behavior Mismatch

Medium, 87% confidence
The skill claims text-prompt image generation, yet it supports arbitrary remote URL ingestion for uploads. Allowing external URLs materially expands the trust boundary because the backend may fetch attacker-controlled resources, exposing users and infrastructure to SSRF-like fetch risks, unexpected data transfer, or processing of untrusted content not implied by the manifest.

Vague Triggers

Medium, 89% confidence
Routing nearly every unmatched prompt to the SSE generation action creates an overly broad trigger surface. Normal conversation or unrelated requests could unintentionally be sent to the remote backend, causing unexpected data disclosure, unwanted jobs, or billable actions without clear user intent.

Vague Triggers

Medium, 84% confidence
The invocation examples use vague phrases like 'tell me what you're thinking,' which overlap with ordinary conversation. In a skill that automatically connects to a backend and sends messages remotely, this ambiguity increases the chance of accidental activation and unintended transmission of user content.

Missing User Warnings

Medium, 94% confidence
The skill instructs automatic backend connection, anonymous token acquisition, and session creation on first open while keeping user-facing communication intentionally minimal. This is risky because it initiates external network/authentication activity and establishes persistent backend state before the user has clearly consented or understood what data is being sent.

VirusTotal

55/55 vendors flagged this skill as clean.
