Text To Video Ki

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only text-to-video skill that clearly uses a cloud video service, with privacy and attribution details users should understand but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending prompts, uploaded media, and related job metadata to the NemoVideo cloud service. Do not use it for sensitive or confidential content unless you trust that service's privacy and retention practices; also note that it may send a coarse platform/source attribution header and use either your NEMO_TOKEN or an anonymous short-lived token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The skill advertises a narrow text-to-video purpose but documents broader capabilities including arbitrary media upload, timeline/state inspection, credit balance access, and multi-format export. This scope expansion can mislead users and host systems about what data and actions the skill will perform, increasing the risk of overcollection and unintended remote operations.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding: The skill derives platform attribution from local installation paths and transmits it to the remote service, which is unrelated to core text-to-video generation. Even though the data is limited, it leaks local environment metadata and creates unnecessary fingerprinting surface for the backend.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger phrases are broad and generic, such as 'export' or 'convert my text prompt', which can cause the skill to activate during unrelated conversations. In a skill that performs network calls, uploads content, and initiates rendering sessions, accidental activation can lead to unintended data transmission or remote job creation.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The catch-all rule routes 'everything else' to the SSE editing/generation path, making activation logic overly permissive. Because that path sends user messages to a cloud backend, ambiguous routing increases the chance that unrelated prompts, sensitive text, or unintended instructions are transmitted off-platform.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs the agent to connect automatically to a cloud backend and create or obtain tokens, but it does not clearly warn users that their prompts and uploaded files will be sent to a third-party service. This undermines informed consent and can expose sensitive text or files to external processing without adequate notice.

VirusTotal

66/66 vendors flagged this skill as clean.