Video Dub Clawhub

Security checks across malware telemetry and agentic risk

Overview

This is a coherent video dubbing skill, but it should be reviewed because it sends transcript/subtitle text to cloud providers and gives unsafe credential-handling guidance.

Install only if you are comfortable giving the skill API keys, optional cookie-file access, and permission to send video-derived text to DeepSeek and the selected TTS provider. Avoid echoing secrets, avoid persistent user-level secrets on shared machines, and do not process private, regulated, or copyrighted media unless the provider terms and local artifact storage are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Tainted flow: 'audio_url' from requests.post (line 167, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
audio_url = query_data.get("data", {}).get("audio_url")
if not audio_url:
    raise ValueError(f"Volcengine TTS query missing audio_url: {query_data}")
audio_response = requests.get(audio_url, timeout=120)
audio_response.raise_for_status()
output_path.write_bytes(audio_response.content)
return
Confidence
95% confidence
Finding
audio_response = requests.get(audio_url, timeout=120)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation advertises and instructs use of environment access, file read/write, network access, and shell execution, yet no explicit permissions are declared. This creates a transparency and governance gap: agents or users may approve the skill without understanding it can download remote content, invoke local binaries, and write substantial outputs to disk.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script can replace the model-produced translation for the opening segment with a hard-coded Chinese intro containing a date and presenter text that may not exist in the source subtitles. This is a content-integrity issue: it silently alters output semantics and can misrepresent the original video, which is especially risky in a localization pipeline for news or conflict-related content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill indicates use of external translation and TTS providers but does not clearly warn that source video-derived content such as transcripts, subtitle text, and possibly metadata may be sent to third-party services. This can expose sensitive or copyrighted content to external processors without informed user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The agent guidance tells an agent to set API keys and execute the pipeline without first requiring a user-facing warning about network downloads, third-party API use, shelling out to local tools, and creation of output files. In an automated agent context, that omission can lead to non-transparent execution of high-impact operations on behalf of a user.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users and agents to place sensitive values such as API keys and cookie-file paths into environment variables, and even to persist them at the user level, without any warning about credential exposure, shell-history leakage, multi-user access, or accidental disclosure through logs and screenshots. In this context, the pipeline handles media downloads and authenticated access, so encouraging persistent storage of secrets increases the chance of credential compromise and unauthorized account use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends transcribed subtitle content to DeepSeek via an external API without any explicit user notice, consent gate, or privacy warning. Transcript text can contain sensitive or copyrighted material, and in this video-localization context the transfer is automatic once the pipeline runs, increasing the risk of unintended data disclosure to a third party.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends subtitle/translation text to a TTS provider selected by configuration, and the default path uses EdgeTTSProvider, which may involve external network transmission of potentially sensitive transcript content. There is no consent prompt, warning, or explicit offline-only safeguard, so users may unknowingly disclose private or copyrighted text to a third-party service.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The provider sends arbitrary input text to Azure's external TTS endpoint, which can expose user content, transcripts, or other sensitive material to a third-party service. In a video localization pipeline, this is materially relevant because processed text may contain private, proprietary, or regulated data and the code provides no indication of consent, minimization, or policy enforcement.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code sends user-provided subtitle/ASR text to a third-party API endpoint without any disclosure or consent mechanism at the call site. Subtitle text can contain sensitive spoken content, names, internal discussions, or copyrighted material, so silent external transmission creates a real privacy and data-governance risk, especially in a video-localization pipeline.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The code sends arbitrary input text to edge_tts, which is a network-backed TTS service, without any visible consent, warning, or data-classification guard in this file. In a video localization pipeline, transcript text may contain sensitive or copyrighted material, so silent exfiltration to a third-party service creates a real privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
