Skill v1.0.4
ClawScan security
OpenSubtitles Read-only · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 27, 2026, 4:03 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, required environment variables, and runtime instructions align with its stated read-only purpose of searching, downloading, and extracting subtitle context; there are only minor implementation/instruction mismatches to be aware of.
- Guidance
- This skill appears to do what it claims: it calls the OpenSubtitles API, optionally logs in to obtain a token for downloads, saves .srt files to a local cache, and extracts subtitle text around a timestamp. Before installing: (1) understand that the skill needs your OPENSUBTITLES_API_KEY and a User-Agent string; treat the API key like any other sensitive credential and don't share it; (2) if you plan to use downloads, you may need to supply a username/password or a token; these are required only for login/download flows and are optional otherwise; (3) the scripts create and read files under {baseDir}/storage/subtitles, so make sure you are comfortable with subtitle files being stored there; (4) ensure awk is available on any system that will run subtitle-context.sh, because the dependency check in the API script verifies only curl and jq and omits awk; (5) although the skill is read-only and checks that subtitle reads stay inside the storage directory (preventing arbitrary file reads), still follow the guardrails (don't log keys, don't share tokens). If you want extra assurance, inspect or run the included scripts in a restricted environment, or review their output on a single test query, before granting the API key to an agent.
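The three controls the guidance refers to, shown together in bash as an added illustration rather than the skill's own scripts: a dependency check that covers awk alongside curl and jq, a storage-directory containment check that refuses paths resolving outside the subtitle cache (including `../` traversal and symlinked files), and an awk pass that prints the cues overlapping a timestamp window. The function names, the `storage/subtitles` layout under a temporary base directory and the sample .srt are all assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not the OpenSubtitles skill's own code. Layout, names and
# sample subtitle data are assumptions constructed for this demonstration.

# Check every binary the skill declares; pass the list explicitly so the
# check cannot silently drop one (the gap the review notes for awk).
check_deps() {
  missing=""
  for bin in "$@"; do
    command -v "$bin" >/dev/null 2>&1 || missing="$missing $bin"
  done
  if [ -n "$missing" ]; then
    echo "missing required binaries:$missing" >&2
    return 1
  fi
  return 0
}

# Resolve a requested subtitle path and refuse anything that does not land
# inside the storage directory. The directory part is canonicalised with
# pwd -P, and symlinked files are rejected so a link cannot point elsewhere.
resolve_in_storage() {
  storage="$1"; requested="$2"
  storage_real=$(cd "$storage" 2>/dev/null && pwd -P) || return 1
  dir_real=$(cd "$(dirname "$requested")" 2>/dev/null && pwd -P) || return 1
  target="$dir_real/$(basename "$requested")"
  case "$target" in
    "$storage_real"/*) ;;
    *) echo "refusing to read outside storage: $requested" >&2; return 1 ;;
  esac
  if [ -L "$target" ] || [ ! -f "$target" ]; then
    echo "not a regular file inside storage: $requested" >&2
    return 1
  fi
  printf '%s\n' "$target"
}

# Print the text of every cue whose time range overlaps ts +/- window seconds.
# Reads the .srt in awk paragraph mode: $1 index, $2 timing line, rest text.
srt_context() {
  file="$1"; ts="$2"; window="${3:-10}"
  awk -v ts="$ts" -v win="$window" '
    function secs(t,  a) {          # "HH:MM:SS,mmm" -> seconds as a number
      split(t, a, /[:,]/)
      return a[1] * 3600 + a[2] * 60 + a[3] + a[4] / 1000
    }
    BEGIN { RS = ""; FS = "\n"; target = secs(ts) }
    {
      split($2, r, / --> /)
      start = secs(r[1]); stop = secs(r[2])
      if (stop >= target - win && start <= target + win)
        for (i = 3; i <= NF; i++) print $i
    }' "$file"
}

# Build a throwaway base directory with one constructed .srt and print its path.
make_demo_dir() {
  base=$(mktemp -d)
  mkdir -p "$base/storage/subtitles"
  cat > "$base/storage/subtitles/sample.srt" <<'EOF'
1
00:00:58,000 --> 00:01:00,500
First line of dialogue.

2
00:01:04,000 --> 00:01:07,000
Second line, inside the window.

3
00:01:30,000 --> 00:01:32,000
Far away, outside the window.
EOF
  printf '%s\n' "$base"
}

# Usage (demo): check deps, resolve a path, extract 5 s of context around 1:05.
# base=$(make_demo_dir)
# check_deps curl jq awk
# f=$(resolve_in_storage "$base/storage/subtitles" "$base/storage/subtitles/sample.srt")
# srt_context "$f" "00:01:05,000" 5
```

Running the usage lines prints the first two cues and not the third; pointing `resolve_in_storage` at `$base/storage/subtitles/../../anything` fails closed, which is the behaviour an agent-facing read-only skill needs before it opens any file path derived from a model's output.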
Review Dimensions
- Purpose & Capability
- ok
- Name/description (OpenSubtitles read-only subtitle search/download and context extraction) match the required binaries (curl, jq, awk), the declared environment variables (API key and User-Agent), and the included scripts, which call the OpenSubtitles API and extract .srt context. Optional credentials (username/password/token) are appropriate for login/download flows.
- Instruction Scope
- ok
- SKILL.md and the scripts keep behavior within the stated scope: API calls target only the OpenSubtitles endpoints, downloads are saved to a local cache, subtitle reads are constrained to the storage directory, and guardrails explicitly forbid logging or exposing secrets. The agent instructions do ask it to append the remaining download quota to user responses (a UI/response behavior, not an exfiltration risk).
- Install Mechanism
- ok
- This is an instruction-only skill with shell scripts included; there is no install spec that downloads or executes external code. No high-risk installation behavior detected.
- Credentials
- note
- Requested env vars (OPENSUBTITLES_API_KEY and OPENSUBTITLES_USER_AGENT) are proportional and expected. Optional login credentials/token are reasonable for download flows. Minor inconsistency: the SKILL metadata lists awk as a required binary, and subtitle-context.sh uses awk, but the API script's internal dependency check verifies only curl and jq and omits awk. This is an implementation oversight, not a malign issue.
- Persistence & Privilege
- ok
- The skill does not request always:true or any elevated platform privileges. It stores downloaded subtitles under its own storage path as expected and does not modify other skills or global configuration.
