Free Text Image

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud media-generation skill, but it is broader than its text-to-image branding and can automatically send prompts or uploaded media to a third-party rendering service.

Review before installing. Use this only for prompts and media you are comfortable sending to the NEMO cloud service, require explicit confirmation before uploads or exports, and prefer a dedicated low-privilege token. This is not evidence of malware, but the scope and data flow are broader than the text-to-image presentation suggests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill is marketed as simple text-to-image generation, but the implementation exposes a much broader remote video-editing and export workflow with session management, uploads, timeline state, and rendering. This mismatch can mislead users and host systems about the real capabilities and data flows, increasing the chance of unintended file uploads, remote processing, and over-privileged activation.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The internal documentation repeatedly describes video rendering, GPU jobs, MP4 generation, and timeline-oriented processing despite branding the skill as image generation. This deceptive or inaccurate framing weakens informed consent and can cause users to provide inputs under false assumptions about what will be processed and returned.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation phrase is generic enough to match ordinary conversation, making accidental activation more likely. In a skill that can automatically connect to a remote service and later process or upload content, ambiguous triggering increases the risk of unintended network actions and user confusion.

Vague Triggers

Medium
Confidence: 90%
Finding
The catch-all routing rule sends 'everything else' to the SSE action, which substantially widens the activation surface and makes behavior hard to predict. Because SSE drives backend operations, vague prompts could be transmitted to the remote service without sufficient user intent verification.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs automatic cloud connection and anonymous token acquisition on first use without a clear upfront warning that data and identifiers will be sent to an external service. Silent remote authentication and session creation undermine transparency and informed consent, especially when a generated client identifier is used for backend access.

Missing User Warnings

Medium
Confidence: 92%
Finding
The upload and export flows describe sending files and retrieving rendered outputs but do not clearly warn users about privacy, integrity, or remote handling risks. Users may upload sensitive media or trust returned files without understanding that third-party cloud processing and downloadable artifacts are involved.

VirusTotal

62/62 vendors flagged this skill as clean.
