ClawHub

Text To Video In Filmora

Security checks across malware telemetry and agentic risk

Overview

This cloud video-generation skill is not clearly malicious, but it can automatically create a remote session and send broad prompts or uploaded media to a third-party backend with under-scoped user control.

Install only if you intend to use the NemoVideo cloud backend for video creation. Avoid uploading confidential scripts, customer documents, private media, or secrets unless you trust that provider and its terms. Require explicit confirmation before setup, uploads, generation, exports, or credit-consuming actions, and treat NEMO_TOKEN as a real credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest markets the skill as accepting only text/script documents, but the implementation explicitly supports broad media uploads including video, audio, and images. This mismatch can mislead users about what data may be sent to the backend and expands the skill’s effective data-handling scope beyond the disclosed purpose.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation examples are broad and conversational, making it easier for the skill to activate on ordinary user messages without clear intent. In a skill that can create sessions, acquire anonymous tokens, and send user content to a cloud backend, overbroad triggering increases the risk of unintended external actions and data disclosure.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The routing table sends 'everything else' to the SSE generation path, which is an overly permissive catch-all. That means ordinary conversation may be forwarded to the backend, causing unintended processing, session mutation, or cloud transmission of user text without sufficiently specific intent matching.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill describes cloud processing and automatic setup but does not clearly warn users that their prompts and uploaded files will be transmitted to a third-party backend. For a content-processing skill handling potentially sensitive scripts or media, lack of upfront disclosure undermines informed consent and can lead to inadvertent data exposure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal