ClawHub

Image No Generator

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed cloud video-rendering integration that sends user-selected media and prompts to NemoVideo, with no evidence of hidden installation, local data harvesting, destructive actions, or deception.

Install only if you are comfortable using NemoVideo's cloud service. Avoid uploading confidential or rights-restricted media unless you trust that provider's privacy and retention practices, and monitor any NEMO_TOKEN or credits tied to your account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill markets itself as a narrowly scoped image-to-video tool without AI generation effects, but the documented workflow exposes broader editing, text, audio, and timeline manipulation capabilities. This scope mismatch can mislead users and downstream policy systems about what data types and operations the skill actually supports, increasing the chance of unintended data disclosure or misuse.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The description says users upload images, but later documentation permits video and audio uploads, which is a material capability expansion beyond the declared purpose. Users may provide sensitive media under false assumptions about processing scope, and security reviewers may under-assess the skill's real data-handling surface.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Routing nearly all unmatched requests to the SSE action creates an overly broad execution path that can forward arbitrary user input to the remote backend. This increases prompt-injection and unintended-action risk because ambiguous or off-topic requests may still trigger privileged backend operations instead of being rejected or clarified.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user prompts and uploaded files to a third-party remote backend, but the initial description does not clearly warn users of this external transmission. This is a transparency and privacy issue because users may share sensitive media believing processing is local or limited to the host platform.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatically connecting to the backend on first open without a clear consent notice initiates external service interaction before the user has meaningfully agreed. Even if no file is uploaded yet, this can create identifiers, sessions, and logs tied to the user without transparent notice.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal