ClawHub

Ai Image To Video Maker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud video tool, but it needs review because it can connect, create sessions, and send media or prompts to an external service more broadly than the narrow photo-to-video description suggests.

Install only if you are comfortable with photos, remote URLs, prompts, and generated media being sent to nemovideo.ai. Use a dedicated token if possible, avoid sensitive personal or business images, and require the agent to ask before connecting, uploading, importing a URL, or exporting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest advertises a narrow JPG-photo-to-video tool, but the body exposes a much broader cloud media-editing and export capability, including generic session messaging, state inspection, uploads, and multi-format export. This mismatch can mislead users and hosts about the true authority of the skill, increasing the chance of unexpected external processing or use outside the declared scope.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The upload API supports URL-based ingestion even though the skill is presented as operating on user-provided product photos. URL ingestion expands the trust boundary, enabling retrieval of arbitrary remote content and making it easier to process unintended third-party or sensitive resources without the user appreciating that distinction.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples are overly generic, such as 'export 1080p MP4' and 'convert my images,' which can collide with ordinary user language and cause the skill to activate in contexts broader than intended. In a skill that performs automatic setup and external API interaction, accidental invocation can lead to unintended token generation, session creation, or data transfer.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The routing table includes a catch-all rule that sends 'everything else' to the SSE action, effectively granting broad handling of arbitrary user prompts. Because SSE messages drive backend editing behavior and may trigger follow-on state queries or exports, this creates an overbroad action surface inconsistent with the narrow stated purpose.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description promises quick upload-to-download cloud processing but does not clearly warn users up front that their media and prompts will be transmitted to an external service. For a tool handling user media, lack of prominent disclosure undermines informed consent and can expose sensitive images or metadata to third-party processing unexpectedly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The automatic setup instructs the agent to connect to external APIs and even acquire an anonymous token before doing anything else, without requiring prior user approval. This is dangerous because it initiates outbound network activity, account/session creation, and credential handling automatically, which can violate user expectations and platform trust boundaries even before the user knowingly opts in.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal