Aoment Visuals

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide the promised Aoment image and video generation features, but it asks agents to update from an unverified remote ZIP and can fetch arbitrary reference-image URLs from the runtime before uploading them.

Review before installing. Use only if you trust Aoment with prompts, reference images, generated media requests, and the API key. Do not follow the automatic self-update instruction unless updates come through a reviewed, verified channel, and do not pass localhost, cloud metadata, private-network, or otherwise sensitive URLs as reference images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium (99% confidence)

Finding
The skill instructs the agent to automatically check for updates and download a replacement skill package from a remote URL before each invocation. This creates a remote code and instruction supply-chain channel unrelated to the immediate image/video generation action, enabling unreviewed changes to behavior and making compromise of the hosting endpoint highly impactful.

Context-Inappropriate Capability

Medium (98% confidence)

Finding
The documentation directs users or agents to download the latest skill package ZIP from a remote site, adding package retrieval and likely execution/install behavior beyond the core stated purpose of media generation. Because the package can change outside the reviewed skill content, this creates a supply-chain risk where malicious or compromised updates could introduce arbitrary behavior.

Context-Inappropriate Capability

Medium (98% confidence)

Finding
The skill performs requests.get on arbitrary user-supplied URLs before uploading the fetched content onward. This creates an SSRF-style primitive that can be used to make the host contact internal services, cloud metadata endpoints, or other restricted network locations, and can also be abused for bandwidth/resource consumption.

Missing User Warnings

Medium (95% confidence)

Finding
The skill does not clearly warn that prompts, reference images, and API keys are transmitted to a third-party service. For a generation skill, this omission is significant because user inputs may contain sensitive data or copyrighted/private images, and API credentials are also sent externally for registration and generation requests.

VirusTotal

66/66 vendors flagged this skill as clean.
