Script Generator Intl

Security checks across malware telemetry and agentic risk

Overview

This skill uses a disclosed cloud video/script service, and its uploads, sessions, rendering, and token use mostly match the advertised purpose.

Install only if you are comfortable sending prompts, documents, media files, and optional URLs to NemoVideo's cloud service. Use explicit prompts for this skill, avoid sensitive or confidential uploads unless you trust the provider, and understand that it may create an anonymous token and remote session for processing and export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest and top-level description frame the skill as multilingual script generation, but the body documents a much broader capability set including cloud video editing, session management, rendering, and file export. This scope mismatch can mislead users and host platforms about what the skill actually does, increasing the chance that users authorize uploads or remote processing they did not expect.

Context-Inappropriate Capability

Low
Confidence: 88%
Finding
Supporting arbitrary URL-based ingestion expands the trust boundary beyond direct user file upload and can enable server-side fetching of remote content not clearly required for the stated purpose. If abused, this could facilitate retrieval of unintended resources, privacy issues, or backend misuse depending on how the remote fetch service is implemented.

Intent-Code Divergence

Low
Confidence: 84%
Finding
The skill is presented as a script generator, but later instructions say backend GUI-like commands such as click, open, drag/drop, and export should be translated into API-side execution. This creates an authority mismatch where natural-language model output can trigger state-changing operations beyond user expectations, increasing the risk of unintended actions and confused-deputy behavior.

Vague Triggers

Medium
Confidence: 93%
Finding
The invocation examples are broad and generic, such as 'generate my topic or brief' and 'export 1080p MP4', which can overlap with ordinary user requests outside this skill's intended context. Over-broad triggering increases the chance the skill activates unexpectedly and sends content to the external backend without sufficiently specific user intent.

Vague Triggers

Medium
Confidence: 95%
Finding
The routing table uses permissive keyword matching and an 'everything else' fallback to SSE, meaning many ordinary prompts may be forwarded to the cloud backend. This is especially risky because the fallback path is the most powerful one and may process arbitrary user text or files without a narrowly scoped trigger.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to connect automatically to a cloud backend, obtain an anonymous token, create sessions, and process uploads, but it does not present a clear upfront warning or consent step to the user about third-party data transfer. This is dangerous because users may unknowingly send documents, media, or sensitive prompts to an external service and trigger account/session creation implicitly.

VirusTotal

61/61 vendors flagged this skill as clean.
