ClawHub

Movie Subtitle Viewer

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it advertises, but it should be reviewed because it follows unvalidated download links and can write downloaded files outside a clearly bounded workspace.

Review before installing. Use a limited OpenSubtitles account, keep credentials in a normal secret store, and only download into a dedicated folder. Prefer an updated version that validates OpenSubtitles download hosts, limits redirects and response sizes, sanitizes filenames, prevents path traversal or overwrites, and clearly discloses when subtitle text may be sent to an AI provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'download_link' from requests.post (line 90, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
raise ValueError("No download link in response")
            
        # 下载实际文件
        r2 = requests.get(download_link, timeout=60)
        
        # 保存文件
        if save_path is None:
Confidence
91% confidence
Finding
r2 = requests.get(download_link, timeout=60)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly suggests sending parsed subtitle lines to an AI, but it does not warn users that subtitle contents may be transmitted to a third-party model or service. While movie subtitles are often public content, users may also process local or proprietary subtitle files, and the missing disclosure can lead to unintended data sharing and privacy/compliance issues.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases include very broad terms like "subtitle" and generic actions such as "搜字幕" and "下载字幕", which can overlap with normal user requests and cause the skill to activate unintentionally. In an agent framework, overbroad activation increases the chance of unexpected network access, file downloads into the workspace, and execution of skill logic when the user did not explicitly intend to invoke this skill.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code writes downloaded content to disk using either a caller-provided save_path or a filename derived from untrusted remote metadata, with no sanitization or path restrictions. This can enable path traversal or unintended overwrite of local files if an attacker controls the filename or if unsafe save_path values are passed through.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal