ClawHub

Github Subtitle Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud subtitle tool, but it gives a remote video service broader editing and upload authority than the subtitle-focused description clearly scopes.

Install only if you are comfortable sending selected videos, audio, images, prompts, and render metadata to NemoVideo's cloud API. Avoid confidential recordings or screenshares with secrets unless you trust that provider, and require explicit confirmation before token creation, uploads, edits, exports, or credit-consuming actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a subtitle generator, but the documented backend actions support broader media editing, rendering, and project manipulation. This creates a scope mismatch that can mislead users and reviewers about what data and operations are actually possible, weakening informed consent and increasing the chance of unintended use.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill includes capabilities for general multimedia composition, including handling images, audio tracks, overlays, and timeline editing, which go well beyond the stated subtitle-generation purpose. Excess capability increases attack surface and the risk of unauthorized or unexpected transformations of user media, especially when routed through a remote API.

Vague Triggers

Medium
Confidence
96% confidence
Finding
Routing 'everything else' to the SSE editing workflow is overly broad and can cause many unrelated user messages to trigger remote editing actions. In this context, that makes the skill more dangerous because a subtitle tool may unexpectedly send arbitrary user text to a powerful backend capable of modifying projects and invoking additional operations.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill asks users to upload video files and states processing happens on cloud GPUs, but it does not clearly warn up front that user media is sent to a third-party service. Because uploaded videos can contain sensitive audio, visuals, screenshares, or personal data, insufficient disclosure undermines informed consent and creates a meaningful privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal