Bilibili Ai Subtitle Online

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-processing tool that is advertised mainly as subtitle generation but can upload videos, send broad editing prompts to a remote service, inspect account credits/state, and export rendered media.

Review before installing. Use this only if you intend to send videos and editing instructions to NemoVideo's cloud service, and avoid confidential, personal, copyrighted, or client media unless you trust that service and understand its retention policy. Confirm the exact operation before uploads, exports, credit checks, or broad editing prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest markets a narrowly scoped subtitle-generation skill, but the body documents a much broader remote video editing and rendering service. This scope mismatch can cause the agent to invoke capabilities the user did not reasonably expect, increasing the chance of unintended data transfer, broader task execution, and misuse of cloud editing features.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The routing table includes exports, credits, state inspection, uploads, and a catch-all path for general editing operations, which materially exceeds subtitle generation. Overbroad action mapping makes accidental or unauthorized invocation more likely, especially when generic prompts are routed into remote editing actions.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The documentation exposes a full cloud render pipeline, including session creation, chat editing, uploads, state, credits, and export operations, rather than a narrowly bounded subtitle API. This broad backend integration expands the attack surface and enables more powerful remote operations than the advertised purpose suggests.

Context-Inappropriate Capability

Low
Confidence: 84%
Finding
Account and credit balance inspection is not necessary for basic subtitle generation and exposes additional account metadata. While low severity by itself, it broadens access to user/account information and can normalize off-purpose interactions that the user did not request.

Vague Triggers

Medium
Confidence: 96%
Finding
The catch-all rule routes virtually any remaining request to SSE-backed editing operations, making the trigger surface far too broad for a subtitle-focused skill. This can cause the agent to send unrelated user prompts to a remote backend or perform edits without clear user intent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill states that it connects to a cloud backend and handles uploads, but it does not present a clear, up-front privacy warning that user media and prompt contents are transmitted to a third-party remote service. For a media-processing skill, this omission is significant because uploaded videos may contain sensitive personal, copyrighted, or confidential content.

VirusTotal

66/66 vendors flagged this skill as clean.
