ClawHub

Convert Image To Ai

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uses Nemo Video's remote service to turn user-provided media and prompts into AI-generated videos, with privacy and scope caveats but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending selected images, media URLs, prompts, and editing session data to Nemo Video's external service. Avoid confidential, personal, copyrighted, or compliance-sensitive media unless you have reviewed the provider's privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill is presented as a simple image-to-AI-video converter, but the documented backend capabilities include broader editing functions such as timeline manipulation, audio, text, and export flows. This capability mismatch can mislead users and host platforms about what the skill can actually do, increasing the chance of unintended data handling or abuse beyond the declared scope.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill allows uploads from arbitrary remote URLs and supports many media formats unrelated to static-image animation. Accepting arbitrary URLs expands the attack surface to server-side request misuse, unexpected third-party data ingestion, and processing of content well outside the advertised purpose, which is especially risky for a user-facing automation skill.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The routing rule sends 'everything else' to the SSE message path, which makes the skill activate for nearly any unmatched request. Overbroad activation increases the chance of accidental invocation, unintended transmission of user prompts to the remote backend, and misuse outside the skill's intended image-conversion scope.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup and usage instructions direct the agent to send prompts, files, and session data to a third-party API, but the user-facing description does not prominently warn that their content leaves the local environment. This creates a transparency and privacy risk because users may upload sensitive images or prompts without informed consent about remote processing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal