Text To Speech Video

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud video-generation connector, but users should only use it with scripts and media they are comfortable sending to NemoVideo.

Install only if you trust NemoVideo with the files and prompts you choose to process. Use a limited-purpose NEMO_TOKEN when available, monitor credit usage, and avoid uploading confidential, regulated, or proprietary scripts or media unless you have reviewed the provider’s data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill is presented as a text-to-speech video converter, but the documented capabilities include broad media upload, editing, state inspection, and rendering workflows. This scope expansion can cause users or host systems to grant trust and data access under narrower expectations than the skill actually requires, increasing the risk of unintended data handling and misuse.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The routing table allows generic editing behaviors such as adding BGM, checking timeline state, uploading files, and exporting, which goes beyond the advertised task of converting written scripts into narrated videos. That mismatch weakens informed consent and can let the skill operate on broader user content or existing sessions than users reasonably expect from the manifest.

Vague Triggers

Medium
Confidence: 96%
Finding
The catch-all rule routes virtually any unmatched request into generation/editing via SSE, creating an overly broad execution surface. This makes accidental or adversarial prompt phrasing more likely to trigger remote actions, including edits or processing of uploaded/session content, without clear user intent or narrowly scoped confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill says it connects to a cloud backend and encourages users to send scripts, but it does not clearly warn users up front that their uploaded files and prompts are transmitted to an external service for processing. Because this skill handles potentially sensitive documents and media, the missing disclosure materially increases privacy and data-governance risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill silently checks for environment credentials and, if absent, auto-provisions an anonymous token tied to a generated client identifier, without a clear user warning. Hidden credential use and automatic account/token creation can lead to unanticipated external authentication, consumption of credits, and opaque linkage of user activity to backend identifiers.

VirusTotal

64/64 vendors flagged this skill as clean.
