Ai Subtitles Extension

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud captioning/video-rendering skill, but it is broader than its subtitle-focused name and can route vague requests and media to a remote service.

Review before installing. Treat this as a cloud video editor with subtitle features, not a local or subtitle-only tool. Use it only for media you are comfortable sending to NemoVideo, and require explicit user confirmation before uploads, broad edit requests, exports, or first-time backend session creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium, 89% confidence
Finding
The skill is presented as a subtitle tool, but the documentation expands it into a broad remote video editing and export pipeline with generic edit, upload, state, and render capabilities. This scope expansion increases the chance of unintended invocation, excessive data transfer, and user misunderstanding about what actions the skill may perform on uploaded media.

Vague Triggers

Medium, 84% confidence
Finding
The trigger guidance is broad and permissive, encouraging activation from loosely related phrases without clearly limiting what the skill should do. In a skill that uploads media and contacts remote services, vague invocation criteria can cause accidental activation and transmission of user content to third-party infrastructure.

Vague Triggers

High, 95% confidence
Finding
The catch-all rule routes nearly every non-explicit request to the SSE backend, effectively turning the skill into a generic remote command conduit. This is dangerous because unrelated user prompts could be forwarded to an external service, causing unintended processing, data disclosure, or feature abuse well beyond subtitle generation.

Missing User Warnings

Medium, 93% confidence
Finding
The skill instructs automatic connection to a remote backend and later processes uploaded videos server-side, but it does not prominently warn users that their media will be transmitted to external services. For a media-handling skill, this omission materially affects informed consent and can expose sensitive or private content without sufficiently explicit notice.

Natural-Language Policy Violations

Medium, 80% confidence
Finding
Forcing GUI translation behavior without user opt-in can alter backend-generated text before the user sees it, which may misrepresent actions, statuses, or editing results. While lower severity than data exfiltration issues, it reduces transparency and user control in a workflow already dependent on opaque remote processing.

VirusTotal

64/64 vendors flagged this skill as clean.
