ClawHub

YouTube Transcript

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide YouTube subtitle retrieval, but the reported published API key and broad paid-service trigger need review before installation.

Review this skill before installing. The subtitle functionality itself is plausible, but do not use a version that publishes a real API key or can be invoked by vague subtitle requests; wait for the publisher to remove and rotate the credential and narrow the activation wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill documentation contains a hard-coded secret-looking API key (`sk_...`) that is unrelated to safe end-user documentation and could be harvested by anyone who can view the file. Exposed credentials can enable unauthorized API access, billing abuse, impersonation of the skill provider, or lateral compromise if the same key is reused elsewhere.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The example trigger phrase "Show video subtitles" is broad and generic enough to match ordinary user requests that may not be intended to invoke this paid skill. In this context, the collision risk is more dangerous because the skill charges per call, so accidental invocation could lead to unintended spending or routing of user requests to an external integration.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
A hard-coded API key is exposed directly in natural-language content, making secret extraction trivial for users, crawlers, or downstream tooling that indexes documentation. Because this is a transcript skill with a priced API integration, disclosure can directly enable fraudulent usage and financial loss, and the reassuring integration context does not reduce the severity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal