ClawHub

Ai Videoclip Generator Free

Security checks across malware telemetry and agentic risk

Overview

This is a cloud video-generation skill whose behavior matches its purpose, but uploaded media and prompts are sent to NemoVideo for processing.

Install only if you are comfortable sending the text, images, videos, audio, URLs, and edit prompts you provide to NemoVideo's remote service. Avoid confidential or regulated media unless you trust that provider's privacy and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill advertises broad, common phrases such as 'upload', 'generate', and generic video-editing requests that can match ordinary user intent and trigger the skill unexpectedly. In this context, accidental invocation is more dangerous because the skill then initiates backend authentication/session setup and may encourage file upload or remote processing without the user deliberately choosing this provider.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to send text or images and establishes a backend session, but it does not provide a clear upfront notice that user content will be transmitted to a third-party remote service for processing. Because this skill is explicitly file- and media-oriented, users may upload sensitive brand assets or unpublished media, making silent external transfer a meaningful privacy and data-handling risk.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
Hard-coding session creation to English removes user choice and can cause prompts or generated output to be processed under the wrong language setting. While not a classic security bug, it can create misleading behavior, reduce transparency, and in multilingual contexts may cause unintended handling of user content or incorrect translations sent to the backend.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal