Ai Image To Video Openai

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud image-to-video connector, with privacy considerations but no evidence of malicious or deceptive behavior.

Install only if you are comfortable sending images, prompts, and render/session data to nemovideo.ai for remote processing. Avoid private or sensitive media unless you trust that service, and ask the agent to confirm before first connection, upload, or ambiguous edit requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium, 89% confidence
The skill claims to be a single-image-to-video tool, but the instructions expand into a broader multimedia editing and timeline-management workflow. That scope expansion increases the chance the agent will process unrelated user content, make broader backend calls, and handle more data than users reasonably expect, which creates consent, data-minimization, and overreach risks.

Context-Inappropriate Capability

Low, 80% confidence
The skill instructs the agent to automatically obtain anonymous tokens and create persistent backend sessions, which extends behavior beyond a simple local transformation workflow. While this is likely needed for the service, doing it automatically without strong disclosure or user approval creates unnecessary authentication/session handling risk and can cause users to unknowingly send data to a third-party service.

Vague Triggers

Medium, 86% confidence
The invocation examples and prompting language are broad enough that the skill may activate on generic media-editing requests rather than only on its named image-to-video function. Over-broad triggering can cause unintended routing of user prompts and files into this skill, increasing the risk of accidental data disclosure to the remote backend.

Vague Triggers

Medium, 95% confidence
The catch-all rule routing 'Everything else' to the SSE action is overly permissive and effectively turns the skill into a default handler for many ambiguous requests. In practice, that can cause unrelated prompts or attachments to be forwarded to the backend service, expanding exposure far beyond the stated product purpose.

Missing User Warnings

Medium, 94% confidence
The skill directs the agent to automatically connect to a remote backend and acquire credentials without a clear up-front warning that user content and metadata will be transmitted off-platform. This is dangerous because users may upload proprietary or sensitive images believing the operation is local, while the skill silently establishes remote processing and session state.

VirusTotal

65/65 vendors flagged this skill as clean.
