Subtitle To Video

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real cloud video/subtitle tool, but it gives a remote backend broader editing and session authority than the subtitle-focused listing clearly scopes.

Review before installing. Use it only with videos, subtitles, and audio you are comfortable uploading to NemoVideo, prefer a scoped or disposable NEMO_TOKEN, and avoid vague prompts because the skill may route broad editing requests to the remote backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill is presented as a narrowly scoped subtitle-embedding tool, but its routing, SSE editing flow, upload/state/export endpoints, and examples enable broader video-editing behavior. This scope mismatch can cause overbroad invocation and unexpected data handling, reducing user consent and making it easier for the skill to perform operations beyond what a user reasonably expects from the manifest.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
The skill instructs the agent to silently obtain anonymous tokens and manage credits/session state, which goes beyond a simple subtitle-processing workflow and introduces account-like operations without clear user awareness. This can lead to unauthorized consumption of third-party services, hidden authentication flows, and unanticipated transmission of user content to an external backend.

Vague Triggers

Medium
Confidence: 91%
Finding
Routing 'everything else' to the SSE editing path is an overbroad catch-all that can cause unrelated user requests to be sent to a remote backend. In a skill that uploads media and performs remote processing, this significantly increases the chance of unintended activation, data exposure, and actions outside the user's intended request.

Vague Triggers

Medium
Confidence: 72%
Finding
The phrase 'Or just tell me what you're thinking' is vague and can encourage invocation on ambiguous prompts that may not clearly request subtitle embedding. While not severe on its own, it contributes to overbroad activation when combined with the skill's fallback routing and remote API behavior.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill directs the agent to acquire anonymous tokens and establish backend sessions before handling requests, while explicitly hiding technical details from the user. This creates a non-transparent authentication and data-transfer flow, increasing the risk of covert external service use, unnoticed quota consumption, and user files being sent off-device without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.