Video Generator Free Models

Security checks across malware telemetry and agentic risk

Overview

This is a real cloud video-generation skill, but it can automatically create remote sessions and send broad prompts or uploaded media to a third-party backend without clear user-facing consent.

Review before installing. Use it only with prompts and media you are comfortable sending to nemovideo.ai, prefer a NEMO_TOKEN you control, and require explicit confirmation before token creation, uploads, generation, edits, exports, or credit-related actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The manifest presents the skill as a simple text-to-video generator, but the body documents materially broader capabilities including uploads, editing, audio/text track handling, session state inspection, and export workflows. This scope mismatch can mislead users and host platforms about what data and actions the skill will perform, increasing the chance of unintended data transfer or overly broad authorization.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill silently acquires anonymous tokens and manages session and credit lifecycle logic beyond the stated core function. That expands the trust boundary from content generation into authentication handling, and users are not clearly informed that the skill may create remote accounts/sessions on their behalf and interact with quota/credit systems.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The invocation text is broad enough that ordinary conversation about video creation could trigger the skill unintentionally. Accidental activation matters here because the skill is designed to immediately connect to a remote backend and potentially transmit prompts or files.

Vague Triggers

Severity: High
Confidence: 96%
Finding
The routing table includes a catch-all rule sending 'Everything else' to the SSE action, effectively making nearly any unmatched input a backend-bound operation. In this context, that can cause unintended remote processing and data disclosure because arbitrary user text may be forwarded to an external API without clear boundaries.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to establish a backend connection and create sessions/tokens before handling requests, but it does not clearly warn users that their prompts and possibly files will be transmitted to a third-party service. Lack of transparency undermines informed consent and can expose sensitive creative content or media unexpectedly.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The workflow describes cloud rendering, polling, and download URLs, but the skill does not prominently warn users that exports and downloadable artifacts are hosted on external infrastructure. While less severe than silent prompt/file transmission, this still affects privacy expectations and data handling awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
