Sora Video Generator Is Free

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video-generation skill that sends prompts and optional media to a third-party video backend, with privacy and consent considerations but no artifact-backed malicious behavior.

Install only if you are comfortable using the NemoVideo remote backend for AI video work. Do not send sensitive prompts, proprietary footage, personal media, or confidential audio unless you trust that service’s handling of uploads and session data; set your own NEMO_TOKEN if you want token control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium (92% confidence)
The skill is presented as a simple text-to-video generator, but its documented behavior expands into general video editing, uploads, audio/text track manipulation, state inspection, and broad export capabilities. This mismatch weakens user consent and expectation boundaries, making it easier to collect more data or perform more actions than a user reasonably anticipates from the advertised purpose.

Context-Inappropriate Capability

Medium (89% confidence)
Session-state inspection and GUI-action translation give the skill broader operational control than a straightforward text-to-video generator requires. In context, these features allow hidden interpretation and execution of interface-like commands against a remote backend, increasing the chance of unintended actions and excessive access to project state.

Vague Triggers

Medium (95% confidence)
The catch-all routing rule sends nearly every unmatched request into the SSE action path, which can cause the skill to activate on prompts unrelated to the intended function. That broad trigger surface increases the risk of accidental invocation, unexpected remote transmission of user content, and abuse of backend-connected capabilities.

Vague Triggers

Medium (86% confidence)
The example invocation language is generic and overlaps with common user phrasing, making unintended activation more likely. While not directly code-execution dangerous, it expands the chance that unrelated conversations or content get routed to the skill and then transmitted to the backend.

Missing User Warnings

Medium (97% confidence)
The skill instructs automatic connection to a remote backend and supports prompt/media upload, but it does not clearly warn users that their text and files are sent to an external service. In a media-processing skill, this is especially risky because prompts and uploaded files may contain sensitive, proprietary, or personal data, so lack of disclosure undermines informed consent and privacy expectations.

VirusTotal

66/66 vendors flagged this skill as clean.