Subtitle Generator Github

Security checks across malware telemetry and agentic risk

Overview

This is a cloud subtitle and video-rendering skill that sends user-selected media and prompts to NemoVideo, with some broader editing capability disclosed in the instructions.

Install only if you are comfortable sending the videos, audio, images, URLs, prompts, and render metadata you choose to NemoVideo cloud services. Keep NEMO_TOKEN private, avoid sensitive or regulated media unless you trust the provider, and be aware that the skill can do broader video edits beyond subtitles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The manifest and top-level description position this as a narrow subtitle-generation tool, but the operational instructions broaden it into a general-purpose cloud video editing and rendering workflow. That mismatch can cause users and host platforms to grant trust, routing, and data access under a narrower expectation than the skill actually uses, increasing the chance of unintended data disclosure and misuse of capabilities.

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill is presented as accepting uploaded video files for subtitle generation, yet the documentation also allows URL ingestion and a broad set of unrelated media formats. This expands the data ingestion surface beyond user expectations, creating risks around remote content fetching, unsupported content handling, and unexpected transfer of third-party or non-video data to the backend.

Vague Triggers

Medium (91% confidence)
Finding
The catch-all routing rule sends nearly all unmatched prompts to the SSE backend, which can cause the skill to activate for unrelated requests. In practice, this broad trigger increases accidental exfiltration of user prompts to the remote service and may let the skill operate outside its intended domain.

Missing User Warnings

Medium (97% confidence)
Finding
The skill instructs the agent to automatically connect to a remote backend and process uploads, but it does not clearly warn users that their media files and prompt content will be transmitted off-platform. This undermines informed consent and creates privacy and compliance risks, especially for sensitive videos, voice content, or proprietary material.

VirusTotal

64/64 vendors flagged this skill as clean.
