Japanese Photo Video Maker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud photo-to-video skill, with some consent and scope caveats but no artifact-backed malicious behavior.

Install only if you are comfortable sending selected photos, prompts, and render metadata to mega-api-prod.nemovideo.ai. Ask for confirmation before uploads, exports, or credit-consuming actions if you want tighter control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest presents a narrow photo-to-slideshow capability, but the instructions expose a substantially broader remote media-editing surface including timeline/state operations, text/audio tracks, URL-based imports, and export workflows. This mismatch can cause the host agent or user to authorize a skill under false assumptions, increasing the risk of unintended remote actions and data handling beyond the declared scope.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill can silently obtain anonymous tokens and perform credit/account-related operations even though the advertised function is simple photo video creation. That expands the privilege and billing surface, enabling unanticipated account creation, token issuance, and consumption of remote service resources without clear user awareness.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Routing 'everything else' to a generation/edit action creates an overly broad trigger that can cause unrelated user input to invoke remote editing operations. In practice, this weakens scope control and makes accidental or manipulative prompt phrasing more likely to cause external network actions or modifications the user did not intend.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Keyword-based intent classification without clear scope limits is prone to overmatching and ambiguous action selection. This can misroute benign queries into operational API calls, especially in a skill that already performs uploads, session management, and exports against a remote backend.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description does not clearly warn users that their photos and prompts are sent to a remote cloud service for processing. This is a meaningful transparency and privacy issue because personal media and text may contain sensitive content, and users may believe processing is local or more limited than it is.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs automatic backend connection on first open, including authentication activity, without requiring explicit user acknowledgment. Silent network/auth actions are risky because they can create sessions, issue tokens, and transmit metadata before the user understands that an external service is being contacted.

VirusTotal

64/64 vendors flagged this skill as clean.
