Capcut Subtitle Generator

Security checks across malware telemetry and agentic risk

Overview

This looks like a real cloud video-captioning integration, but it asks for broader remote video editing, upload, and export authority than a subtitle-only skill clearly explains.

Install only if you are comfortable treating this as a cloud video-processing skill, not just a local subtitle formatter. Avoid sensitive videos, internal URLs, private transcripts, or regulated content unless the publisher documents what NemoVideo receives, how long it is retained, and when the agent will ask before upload, edit, or export actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill is presented as a CapCut subtitle formatter, but the instructions implement a much broader remote video-editing agent with session creation, cloud task routing, state inspection, uploads, and rendered media export. This scope mismatch is dangerous because users and host platforms may grant trust, permissions, or data access appropriate for subtitle formatting while the skill actually enables substantially more powerful remote operations.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The routing table explicitly supports generic editing operations such as add BGM, upload, status inspection, and export, which are outside the stated purpose of subtitle generation. This broadens the attack surface and can induce the agent to perform unintended remote media operations under a deceptively narrow skill identity.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill allows arbitrary local file upload or remote URL ingestion into a third-party backend, even though its described purpose is formatting captions. That creates unnecessary data exfiltration risk, especially if users provide sensitive videos or internal URLs without understanding that the content is being transmitted to an external service.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The skill includes full rendered media export and download functionality, which exceeds what users would reasonably expect from a subtitle-generation tool. This enables remote transformation and retrieval of complete media outputs, increasing the risk of unauthorized content processing, misuse of user assets, and privilege escalation within the host environment.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instructions direct the agent to automatically connect to a cloud backend and obtain or mint a token without a meaningful user-facing disclosure about network access, credential handling, or third-party processing. Silent authentication and session establishment can surprise users and weaken informed consent around external service use.

Missing User Warnings

Medium
Confidence: 95%
Finding
The upload and URL-ingestion workflow lacks a clear privacy notice about sending user media to an external backend and does not explain storage, retention, access, or possible processing of that data. For a media-related skill, this is especially sensitive because uploaded videos may contain personal, proprietary, or regulated content.

VirusTotal

65/65 vendors flagged this skill as clean.
