Ai Image To Video Joyfun

Security checks across malware telemetry and agentic risk

Overview

This is a cloud image-to-video skill that is broadly consistent with its stated purpose, but users should understand that media, prompts, URLs, and session state are sent to NemoVideo.

Install only if you are comfortable sending selected images, media URLs, prompts, and render-session data to NemoVideo for cloud processing. Avoid confidential photos, private documents, internal URLs, regulated data, or unreleased product imagery unless you trust that provider and its data-handling practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill is advertised as a simple image-to-video converter, but the instructions expose a broader remote media-editing surface including timeline/state access, text/audio features, and generalized routing. This mismatch can mislead users and host systems about what data and operations the skill may perform, increasing the chance of overbroad invocation and unintended external processing.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The API documentation supports many upload and export formats beyond still images and MP4 generation, which materially exceeds the stated scope of the skill. That broader file-handling surface increases the risk of users sending unintended media types to a third-party service and of the skill being used in ways not anticipated by its manifest review.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The workflow documentation describes iterative timeline editing and batch multi-file processing, which is materially broader than a one-image-to-one-video tool. This expands the amount of user content that may be retained and processed remotely, and creates a larger attack and privacy surface than users would infer from the manifest.

Vague Triggers

Medium
Confidence: 95%
Finding
The catch-all rule routes 'Everything else' to the SSE backend, which can cause the skill to activate on unrelated prompts and transmit arbitrary user text to the external service. In context, this is more dangerous because the backend is a third-party cloud API and the skill auto-initializes sessions/tokens, so accidental invocation can lead to unintended data disclosure and remote actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs users to upload images and send requests to a cloud GPU service, but it does not prominently warn that files, prompts, and session state are transmitted to an external provider. Because the skill also supports broader media handling and persistent session workflows, this omission materially increases privacy and data-governance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
