Text To Video H2h

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud video-generation skill, but it can send broad prompts, uploaded files, and URL-sourced content to a third-party backend with limited user-facing consent and scoping.

Install only if you are comfortable sending scripts, prompts, uploaded files, and possibly URL-fetched media to mega-api-prod.nemovideo.ai. Avoid confidential or personal documents unless you trust the provider's handling and retention practices, and use explicit video-generation commands rather than relying on broad prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding: The skill explicitly permits uploading content from arbitrary URLs, which expands its capability beyond user-provided script files into remote content fetching. This increases the risk of unintended data exfiltration, SSRF-like abuse via backend fetchers, and user confusion about what external resources the skill may access.

Context-Inappropriate Capability

Severity: Medium
Confidence: 80%
Finding: The skill advertises broad editing and media-processing behavior such as overlays, audio tracks, timeline edits, and many output formats that go beyond the declared script-to-talking-head workflow. Scope expansion makes the skill harder for users and platforms to reason about and can enable unexpected handling of additional media types and operations not clearly disclosed in the manifest.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The example trigger phrases are very generic, such as 'export' or 'convert my text script', which could match ordinary conversation and activate the skill unexpectedly. Overbroad activation increases the chance that users unintentionally send content to the remote backend or trigger cloud actions without clear intent.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The routing table includes a catch-all rule that sends 'Everything else' to the SSE action, effectively making nearly any prompt a backend action. This creates a high risk of unintended remote processing, especially when combined with broad editing semantics and cloud session persistence.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs the agent to upload user files and interact with a cloud processing backend, but it does not require a clear user-facing warning that files and prompts will leave the local environment. This is a meaningful privacy and consent issue, particularly for potentially sensitive documents like PDFs and DOCX files.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding: The skill describes automatic anonymous-token generation and remote session creation without requiring a user-visible notice that an external account/session will be created on their behalf. While lower severity than file transfer, this still affects transparency, consent, and user expectations around third-party service use.

VirusTotal

66/66 vendors flagged this skill as clean.