ai-subtitle-generator

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but its subtitle workflow asks users to enable a broad paid SkillBoss API setup that goes well beyond subtitle generation.

Review the remote SkillBoss setup before running it, use spending limits or a restricted key if available, and only submit audio or video you are comfortable sending to SkillBoss and downstream model providers. For subtitle-only work, prefer a workflow limited to transcription/subtitle models rather than enabling the full SkillBoss API surface.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The skill is presented as a narrow subtitle-generation tool, but its setup instructs the agent to install and auto-configure a much broader platform with hundreds of unrelated APIs. This violates least privilege and increases the chance that user data, credentials, or future agent actions are routed through an overbroad third-party integration far beyond the stated task.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The recommended models and agent instructions prominently suggest general chat LLMs for a subtitle-generation skill, which is inconsistent with the stated purpose and can cause agents to send audio/transcription tasks or user content to inappropriate models or workflows. This mismatch can lead to incorrect handling of sensitive media and unnecessary data exposure to services not suited for transcription.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The one-command setup auto-configures an external service with very broad capabilities but does not warn about the scope of access, what data may be sent, or what services become available afterward. In an agent context, this can silently expand the system's authority and increase the likelihood of unintended third-party data sharing.

VirusTotal

65/65 vendors flagged this skill as clean.
