Text To Video Meta Ai

Security checks across malware telemetry and agentic risk

Overview

This looks like a cloud video-generation skill, but its instructions are broader and less clearly disclosed than its text-to-video description suggests.

Review before installing. Use it only if you are comfortable sending prompts, uploaded files, and possibly media assets to the provider's cloud video service. Avoid confidential documents or private media unless you trust the provider, and require explicit confirmation before uploads, generation, exports, or use of any service token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium (92% confidence)

The skill metadata and description present this as a narrow text-to-video tool, but the body documents a much broader remote video-editing capability including uploads, audio/text overlays, state inspection, and export workflows. This scope mismatch can mislead users and host agents about what data and actions are actually permitted, increasing the risk of unintended data exposure or overbroad invocation.

Description-Behavior Mismatch

Medium (95% confidence)

The manifest says uploads are limited to text-oriented formats, but the documented behavior supports a much wider set of media formats for upload/export. This discrepancy can cause users or orchestrators to share files under false assumptions about the tool's scope, resulting in broader third-party data transfer than advertised.

Intent-Code Divergence

Low (81% confidence)

The later guidance expands usage beyond uploaded text files into broader media workflows, which conflicts with the earlier stated input scope. While this is primarily a transparency and expectation-setting issue, it can still contribute to unsafe data handling by encouraging users to submit content they did not expect to leave their environment.

Vague Triggers

Medium (90% confidence)

The activation phrase guidance is broad enough to match common conversational language such as generic requests to generate prompts. Overly permissive triggering can cause unintended skill activation and remote transmission of user text to the backend without clear intent to use this specific service.

Vague Triggers

Medium (94% confidence)

Routing 'everything else' to generation creates an overly broad catch-all that can treat unrelated user input as permission to send content to the remote generation backend. This increases the chance of accidental invocation, surprising data disclosure, and actions outside the user's intended scope.

Missing User Warnings

Medium (97% confidence)

The top-level description markets the functionality but does not clearly warn that prompts and uploaded files are sent to a remote cloud backend. Because the skill processes potentially sensitive user content, omission of this disclosure undermines informed consent and can lead to unintended exfiltration of private documents or media.

VirusTotal

64/64 vendors flagged this skill as clean.