Subtitle Generator

Security checks across malware telemetry and agentic risk

Overview

This subtitle skill appears intended to generate subtitles, but it automatically modifies the local environment and gives broad background/process instructions that deserve user review before installation.

Install only if you are comfortable with a background subtitle tool that may create ~/.whisper-venv, download Python packages, write subtitle files beside your videos, and send completion notifications containing local paths. Prefer running it in a controlled working directory, and look for a revised version with pinned dependencies, explicit setup consent, unique temporary files, and PID-scoped cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            python_cmd = shutil.which("python") or shutil.which("python3") or "python3"
        else:
            python_cmd = shutil.which("python3") or shutil.which("python") or "python3"
        result = subprocess.run(
            [python_cmd, "-m", "venv", str(venv_path)],
            capture_output=True,
            text=True,
Confidence
79% confidence
Finding
result = subprocess.run( [python_cmd, "-m", "venv", str(venv_path)], capture_output=True, text=True, timeout=120, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # Step 3: Install requirements.txt
    print("[Setup] Installing dependencies...")
    try:
        result = subprocess.run(
            [str(pip_path), "install", "-r", str(requirements_path)],
            capture_output=True,
            text=True,
Confidence
91% confidence
Finding
result = subprocess.run( [str(pip_path), "install", "-r", str(requirements_path)], capture_output=True, text=True, timeout=600, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly invokes shell commands and writes files, but it declares no permissions. This creates a transparency and policy-enforcement gap: a user or platform may approve the skill expecting a harmless subtitle utility while it can execute commands, create environments, install packages, and modify files on disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is subtitle generation, but the skill also performs environment bootstrapping, dependency installation, and system-event based wake/notification behavior. That mismatch is dangerous because users may trigger it for transcription without realizing it will execute package-management and environment-configuration actions on the host.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill's manifest describes subtitle/ASR functionality, but the implementation silently bootstraps a virtual environment and executes Python/pip subprocesses. That mismatch increases risk because users would not reasonably expect environment provisioning and package installation as part of routine subtitle generation.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill includes an external system-event notification feature that is not necessary for subtitle generation and can leak file names, paths, and processing metadata to another local tool. In an agent setting, unrelated side effects are more dangerous because they expand the trust boundary and create an unexpected exfiltration or signaling channel.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The help text claims the main session AI will automatically send a Telegram notification, but the code only emits an openclaw system event. In an agent environment, misleading capability descriptions are dangerous because they obscure where data is sent and may trick operators into approving behavior they do not fully understand.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill omits a clear warning that first use may create a virtual environment and auto-install dependencies. This is dangerous because users can unknowingly authorize network access, package installation, disk writes, and environment changes simply by asking for subtitles.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code creates `~/.whisper-venv` and installs dependencies automatically without any prior warning or confirmation. Even if intended for convenience, silent filesystem and environment modification is a security and trust issue, especially for a user-facing subtitle skill where such side effects are not clearly disclosed.

VirusTotal

65/65 vendors flagged this skill as clean.
