ClawHub

Image and Video Generation with Vydra API

Security checks across malware telemetry and agentic risk

Overview

The skill is a documentation-only Vydra media-generation integration with expected external API, billing, and API-key use, but users should handle prompts, media URLs, and credentials carefully.

Install only if you want an agent to use Vydra.ai for paid external media generation. Use a dedicated API key, prefer environment variables or a secret manager, restrict any credential file permissions, monitor credit usage, and require explicit approval before registration, buying credits, high-cost video generation, or posting generated media publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs agents to self-register using a human billing email and to store an issued API key locally, but it provides minimal guidance on secure handling of that personal and credential data. In an agentic context, this increases the chance of accidental exposure, unauthorized account creation, or insecure secret persistence on disk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation describes sending prompts and externally hosted media URLs to Vydra's API but does not clearly warn users that this data leaves the local agent environment and is transmitted to a third-party service. In an agent skill context, this omission can cause operators to unknowingly submit sensitive prompts, internal URLs, or user content to an external provider, creating privacy and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal