Photo Video Tiktok

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only cloud video creation skill that discloses its provider, token use, media upload, and render workflow, with no evidence of hidden code or destructive behavior.

Install only if you are comfortable sending selected photos, media URLs, prompts, and generated video state to the NemoVideo cloud service. Avoid confidential or sensitive media unless you trust that provider, and use a dedicated NEMO_TOKEN if you provide one.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as a photo-to-TikTok workflow, but the documented behavior accepts arbitrary files and even remote sources, materially expanding the data-ingestion surface beyond user expectations. This can enable unintended handling of sensitive or unsupported content types and creates a mismatch between declared purpose and actual capability, which is a security and privacy risk.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Allowing upload by arbitrary URL introduces server-side fetching behavior that is not necessary for the stated photo-upload use case. URL ingestion can be abused to pull data from unexpected locations, including internal or sensitive endpoints if the backend is insufficiently protected, and it also hides from users what data is actually being retrieved and transmitted.

Vague Triggers

Medium
Confidence: 88%
Finding
The catch-all routing rule sends essentially any unmatched request to the generation/edit path, making accidental invocation likely. In practice this can cause unrelated prompts or attached content to be transmitted to the cloud backend without sufficiently specific user intent, increasing the risk of data over-sharing and unintended action execution.

Missing User Warnings

Medium
Confidence: 91%
Finding
The setup and usage text emphasizes convenience but does not clearly warn users that prompts and uploaded media are sent to a third-party cloud processing backend. This lack of prominent disclosure undermines informed consent and can lead users to unknowingly transmit personal, confidential, or copyrighted material off-device.

VirusTotal

64/64 vendors flagged this skill as clean.
