Subtitle Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it downloads YouTube subtitles and, when AI commands are used, sends the chosen transcript text to EvoLink for processing.

Install only if you are comfortable sending the subtitles or local transcript files you choose to process to EvoLink's API. Use only the download and languages commands if you want to avoid EvoLink transmission, and avoid passing sensitive non-subtitle files to summarize, translate, or keypoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill metadata declares required binaries and an environment variable but does not declare explicit permissions, while the documented behavior clearly includes shell execution, reading local subtitle files, and writing downloaded subtitles to disk. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can access local files, invoke external tools, and exfiltrate subtitle or local file contents to a remote API.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends subtitle or transcript content to a third-party AI service (EvoLink) for summarize/translate/keypoints operations, but it does not provide an explicit privacy warning or require informed confirmation before transmission. This can expose sensitive local file contents or private video transcripts to an external processor, which is a real data-handling risk even if it is part of the feature's intended behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The AI features send subtitle text or arbitrary local file contents to EvoLink's external API, but the script does not provide a clear runtime warning, consent prompt, or strong disclosure before transmission. This creates a real data exposure risk because users may pass sensitive local files or transcripts assuming processing is local, especially since the tool accepts both URLs and files.

External Transmission

Medium
Category
Data Exfiltration
Content
" "$native_prompt" "$native_content" "$native_payload" "$model"

  local response
  response=$(curl -s -X POST "$EVOLINK_API" \
    -H "Authorization: Bearer $api_key" \
    -H "Content-Type: application/json" \
    -d "@$tmp_payload")
Confidence
94% confidence
Finding
curl -s -X POST "$EVOLINK_API" \ -H "Authorization: Bearer $api_key" \ -H "Content-Type: application/json" \ -d

VirusTotal

67/67 vendors flagged this skill as clean.
