字幕菌

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate subtitle-extraction purpose, but it tells users they may paste an API key into chat, which is unsafe credential handling.

Review before installing. Use this only if you are comfortable with video links being processed by the zimujun/devtool service and npm code being fetched at runtime. Set `ZMJ_API_KEY` yourself in a local environment or approved secret manager; do not paste the key into chat, and rotate it if it has already been shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly tells users they can send their API key directly in chat so the agent can set the environment variable. Secrets pasted into chat may be retained in conversation history, logs, analytics, or exposed to unintended operators/tools, creating a clear credential-handling risk. In this skill’s context, that is more dangerous because the workflow revolves around a paid external API key and the instruction is presented as a standard recovery path.

Ssd 3

Medium
Confidence: 99%
Finding
The skill instructs users to transmit their API key directly to the agent so it can configure the environment on their behalf. This normalizes unsafe secret-sharing and can leak credentials through message storage, support access, tool traces, or downstream integrations; although the likely blast radius is limited to the external transcript service, compromise still enables unauthorized API use and billing abuse.

VirusTotal

62/62 vendors flagged this skill as clean.
