Ai Ai Image

Security checks across malware telemetry and agentic risk

Overview

This is a cloud image-to-video skill that sends chosen media and prompts to a NemoVideo API, with some broad routing that users should understand before installing.

Install only if you are comfortable using a third-party cloud renderer. Do not upload confidential, regulated, or sensitive media; keep NEMO_TOKEN private; and use the skill only when you explicitly want NemoVideo to process your files, URLs, and editing prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium severity, 95% confidence

Finding: The manifest presents the skill as a narrow JPG-to-1080p image animation tool, but the body exposes a much broader remote media-editing capability including uploads, SSE-driven editing, audio/text track manipulation, state inspection, credits, and export of many formats. This creates a scope-mismatch vulnerability because users and host systems may grant trust or permissions based on the declared purpose while the skill can perform materially broader remote operations than advertised.

Vague Triggers

Medium severity, 90% confidence

Finding: The suggested trigger phrases are generic and overlap with normal conversation, such as 'convert my images' or 'export 1080p MP4', making accidental invocation more likely. Over-broad activation is dangerous here because the skill is designed to auto-connect to an external API and can initiate remote session setup and data handling before the user has provided clear, scoped consent.

Vague Triggers

Medium severity, 94% confidence

Finding: The catch-all rule routes 'Everything else' into the main SSE workflow, which is overly permissive and ambiguous. In practice, this means a wide range of ordinary user requests could be treated as commands for a remote editing backend, increasing the risk of unintended API calls, unintended uploads/processing, and confusing cross-intent behavior.

Missing User Warnings

Medium severity, 97% confidence

Finding: The skill instructs the agent to automatically connect to an external API 'before doing anything else' and later supports uploads, but it does not require a clear up-front disclosure or affirmative consent before remote transmission. This is dangerous because user prompts and media may be sent to a third-party service immediately, creating privacy, data handling, and compliance risks that are not adequately surfaced at the point of action.

VirusTotal

65/65 vendors flagged this skill as clean.
