Ai Image To Video King

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only cloud image-to-video workflow. Its documentation discloses its use of the NemoVideo API, the media uploads it performs, its token/session setup, and its export behavior.

Install it only if you are comfortable with the media and prompts you provide being sent to NemoVideo's cloud API, and with the skill using a NEMO_TOKEN or an anonymous token that may consume credits or be subject to service limits. Avoid uploading sensitive personal, confidential, or regulated media unless you trust that service's handling and retention policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The skill is presented as an image-to-video tool, but the documentation broadens behavior into a general media-editing pipeline with uploads, credits, state inspection, text/audio handling, and export operations. This creates a capability mismatch that can cause users or the host agent to authorize actions and data flows they did not reasonably expect, increasing the chance of unintended file handling and external API use.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The accepted file types include videos and audio formats even though the skill metadata and description imply an image-upload workflow. This mismatch can lead to users unintentionally sending broader categories of media to third-party services, undermining informed consent and expanding the attack surface for data exfiltration or unexpected processing.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The routing rule sends 'everything else' to the SSE action, which is overly broad and can capture unrelated or ambiguous user requests. In an agent setting, catch-all invocation logic increases the chance of unintended activation, causing prompts or attached content to be forwarded to an external backend without a sufficiently specific user intent signal.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
Phrases like 'send it over' and generic requests to describe what you need are broad enough to overlap with ordinary conversation. Ambiguous invocation language raises the risk that the host agent may activate the skill in contexts where the user did not mean to use this external service, leading to accidental data transmission or workflow takeover.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The setup instructions direct the agent to connect to external cloud APIs, obtain tokens, create sessions, and process user media remotely, but the description does not clearly warn users that their uploads and prompts are sent to third-party services. The risk is that users share sensitive images or media under the assumption of local-only processing, resulting in privacy loss, compliance issues, and unanticipated retention on external infrastructure.
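The last four findings (media types outside the declared class, a catch-all route, conversational trigger phrases, and undisclosed external transfer) are all checks that can be run mechanically against a skill manifest. The linter below is an added example written for this page; it is not SkillSpector's code and does not reproduce its rules. The manifest schema, the field names, and the two constructed manifests (one that exhibits the reported issues, one hardened) are assumptions made for the example, and the endpoint URL is a placeholder rather than the skill's real endpoint.

```python
"""Toy skill-manifest linter for the finding classes reported above.

Added example. The manifest schema and the sample manifests below are
constructed for illustration and are not the skill's actual files.
"""

# Constructed manifest that exhibits the four finding classes.
SAMPLE_MANIFEST = {
    "name": "Ai Image To Video King",
    "description": "Turn an image into a short video.",
    "declared_media": {"image"},
    "accepted_extensions": ["png", "jpg", "mp4", "mov", "wav", "mp3"],
    "triggers": [
        "turn this image into a video",
        "send it over",
        "describe what you need",
    ],
    "routing": [
        {"match": "status", "action": "inspect_state"},
        {"match": "*", "action": "sse"},  # 'everything else' goes to the backend
    ],
    "external_endpoints": ["https://api.example.invalid/nemo"],  # placeholder
    "discloses_external_transfer": False,
}

# Hardened variant: image-only extensions, specific triggers, no catch-all
# route, and explicit disclosure that media leaves the host.
HARDENED_MANIFEST = {
    **SAMPLE_MANIFEST,
    "accepted_extensions": ["png", "jpg", "webp"],
    "triggers": [
        "animate this image into a video",
        "make a video from this picture",
    ],
    "routing": [
        {"match": "status", "action": "inspect_state"},
        {"match": "image to video", "action": "sse"},
    ],
    "discloses_external_transfer": True,
}

EXTENSION_CLASSES = {
    "image": {"png", "jpg", "jpeg", "gif", "webp"},
    "video": {"mp4", "mov", "webm", "mkv"},
    "audio": {"wav", "mp3", "flac", "ogg"},
}

# Phrases generic enough to appear in ordinary conversation (assumed list).
AMBIGUOUS_PHRASES = {"send it over", "describe what you need", "do it", "go ahead"}
CATCH_ALL_MATCHES = {"*", "everything else", ""}


def media_class(ext):
    """Map a file extension to its media class, or 'unknown'."""
    for cls, exts in EXTENSION_CLASSES.items():
        if ext.lower() in exts:
            return cls
    return "unknown"


def check_media_mismatch(m):
    """Return accepted extensions whose class is not declared by the skill."""
    return {e.lower() for e in m["accepted_extensions"]
            if media_class(e) not in m["declared_media"]}


def check_catch_all_routing(m):
    """Return actions reachable through a catch-all routing rule."""
    return [r["action"] for r in m["routing"] if r["match"] in CATCH_ALL_MATCHES]


def check_ambiguous_triggers(m):
    """Return trigger phrases that are known-generic or very short."""
    flagged = []
    for t in m["triggers"]:
        norm = t.lower().strip()
        if norm in AMBIGUOUS_PHRASES or len(norm.split()) < 3:
            flagged.append(t)
    return flagged


def check_missing_disclosure(m):
    """True when external endpoints are used but not disclosed to the user."""
    return bool(m["external_endpoints"]) and not m["discloses_external_transfer"]


def lint(m):
    """Run all checks; return (category, severity, detail) tuples."""
    findings = []
    bad = check_media_mismatch(m)
    if bad:
        findings.append(("Description-Behavior Mismatch", "Medium",
                         f"accepts {sorted(bad)} but declares {sorted(m['declared_media'])}"))
    for action in check_catch_all_routing(m):
        findings.append(("Vague Triggers", "Medium", f"catch-all route to '{action}'"))
    for t in check_ambiguous_triggers(m):
        findings.append(("Vague Triggers", "Medium", f"ambiguous trigger phrase '{t}'"))
    if check_missing_disclosure(m):
        findings.append(("Missing User Warnings", "High",
                         "external endpoints used without user-facing disclosure"))
    return findings


if __name__ == "__main__":
    for name, manifest in (("sample", SAMPLE_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(name)
        for cat, sev, detail in lint(manifest):
            print(f"  [{sev}] {cat}: {detail}")
```

The hardened manifest shows what the fixes look like in practice: restrict accepted extensions to the class the description names, replace the wildcard route with a match that requires intent, drop conversational trigger phrases, and state in the user-facing description that media and prompts are transmitted off-host.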

VirusTotal

66/66 vendors flagged this skill as clean. This is an antivirus scan of the skill's files; a clean result does not address the instruction-level findings above, which concern what the skill asks the host agent to do rather than known-malicious content.