Tomoviee Tail to Video

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its video-generation purpose, but it includes overbroad Tomoviee documentation and unsafe credential-handling examples that should be reviewed before installation.

Install only if you are comfortable reviewing and constraining the skill to the first-last-frame video workflow. Avoid using the token helper with real production secrets in shared terminals or CI logs; prefer environment variables or an interactive secret prompt, and do not paste private, signed, localhost, or internal media/callback URLs into the third-party API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The file is packaged with a skill declared only for first/last-frame-to-video generation, but the guide instructs use of many unrelated Tomoviee APIs such as image, audio, and text-to-video workflows. In an agent setting, this creates dangerous scope expansion: the model may infer unsupported capabilities, invoke unintended tools or parameters, and handle user requests outside the approved trust boundary, increasing the chance of data misuse, policy bypass, or unauthorized API consumption.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
Claiming the guide covers 'all Tomoviee AI APIs' materially conflicts with the skill's declared scope and can cause the agent to treat this skill as a general Tomoviee interface rather than a narrowly scoped video interpolation tool. That mismatch is risky because capability overclaiming in skill documentation can drive unauthorized behavior, mistaken tool selection, and excessive access to external services beyond what the user or platform intended.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts app credentials on the command line and prints a credential-derived token directly to stdout. This creates a real secret-exposure risk because command-line arguments may be captured in shell history or process listings, and terminal/log output may be recorded by CI systems, scrollback, or shared consoles.

Credential Access

High
Category
Privilege Escalation
Content
    app_secret = sys.argv[2]

    token = generate_access_token(app_key, app_secret)
    print(f"Access Token: {token}")
    print(f"\nUse in Authorization header as: Basic {token}")
Confidence
97% confidence
Finding
Access Token

VirusTotal

66/66 vendors flagged this skill as clean.
