ClawHub

videolink-to-article

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it asks for persistent PATH changes and can use browser/session cookies without clear user confirmation.

Install only if you are comfortable with it downloading BBDown/yt-dlp, changing your persistent PATH, and using login cookies for restricted videos. Prefer reviewing the install commands first, using absolute tool paths instead of PATH changes, keeping cookies one-off and deleting them afterward, and running cleanup only inside a new per-video output folder.

Publisher note

Use when the user provides a Bilibili or YouTube URL and asks for a transcript, article, or subtitle extraction. Downloads platform subtitles via BBDown / yt-dlp and produces a clean Markdown transcript in the source language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The guide goes beyond one-time transcript extraction and instructs users to make persistent system configuration changes by modifying PATH and documenting uninstall/deletion steps. This increases the skill’s long-term footprint and broadens the blast radius if a downloaded binary is later replaced or abused, because future shells will automatically resolve executables from that user-controlled directory.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The recommendation to add a skill-specific tool directory to PATH gives the skill an enduring execution foothold in all future shells, which is not strictly necessary for a transcript/subtitle workflow. Any executable later placed in that directory could be preferentially invoked by name, creating persistence and increasing risk from supply-chain compromise or local tampering.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill directs destructive deletion of intermediate artifacts using a broad file-removal pattern, but does not require explicit user confirmation or retention options. In practice this can permanently remove source subtitles, metadata, and diagnostics that may be needed for auditability, reruns, debugging, or user review, especially if WORK_DIR is chosen too broadly or contains unexpected files.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instructions modify persistent user PATH and include recursive deletion of the tools directory, but the guide does not foreground the system-impacting nature of those operations or the risks of changing shell startup files and environment state. This can surprise users, create persistence, and potentially remove more than intended if the placeholder path is mis-set.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal