ClawHub

Ai Image To Video Effect

Security checks across malware telemetry and agentic risk

Overview

This is a cloud image-to-video skill that uses NemoVideo APIs and tokens, with privacy-relevant remote processing but no hidden code or destructive behavior found.

Install this only if you are comfortable using NemoVideo as a cloud processor. Avoid uploading sensitive, confidential, or regulated images or audio unless you trust that provider’s data handling, and prefer a dedicated NEMO_TOKEN that you can rotate or revoke.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a simple image-to-video converter, but the instructions expose a much broader remote editing surface including timeline manipulation, text/audio tracks, export orchestration, and multi-format processing. This mismatch increases the chance that users or the host agent send data and commands beyond what was reasonably disclosed, creating scope-creep and unexpected remote actions.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to silently obtain an anonymous token and create a backend session, including credits handling, even though the visible purpose is just image-to-video conversion. Automatic account-like provisioning and token minting without clear user awareness can create undisclosed network activity, unexpected persistence, and abuse of third-party resources under a generated identity.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Routing 'everything else' to the SSE generation action creates an overly broad command surface where unrelated or ambiguous user input is forwarded to a remote backend. In practice this can cause unintended data transmission, misuse of remote editing features, and prompt-triggered actions outside the narrow image-to-video use case.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly says to connect automatically and acquire an anonymous token if one is not present, but does not require a clear opt-in before network transmission and session creation. This is dangerous because user content and metadata may be sent to a third party before the user understands that a remote service, token issuance, and cloud processing are involved.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal