Ai Subtitle Generator Ai

Security checks across malware telemetry and agentic risk

Overview

This looks like a real media-processing skill, but it needs review because it can automatically connect to a cloud backend and route broad video-editing requests beyond its stated subtitle purpose.

Install only if you are comfortable sending media files, prompts, and related session data to the NemoVideo cloud API. Treat it as a general cloud video-editing integration, not just a subtitle generator, and avoid using it for private or sensitive audio/video unless the service's privacy and retention terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill’s declared purpose is subtitle generation, but the instructions route users into broader video editing actions such as aspect-ratio changes, overlays, audio edits, and generic editing via SSE. This scope mismatch can mislead users and reviewers about what data and actions the skill will perform, increasing the chance of unintended processing or abuse of a more capable backend than advertised.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The documentation advertises support for additional media types and editing workflows beyond the stated subtitle-generation use case, indicating the skill can process more content types than users would reasonably expect from the manifest. That discrepancy expands the effective attack surface and weakens informed consent around what may be uploaded or transformed in the cloud service.

Vague Triggers

Medium
Confidence: 93%
Finding
The prompt 'Or just tell me what you're thinking' is overly broad and can cause the skill to activate on generic conversation unrelated to subtitle generation. Over-triggering is dangerous because the skill performs automatic setup and connects to a remote API on first interaction, which could lead to unintended external data sharing or token/session creation without clear user intent.

Vague Triggers

Medium
Confidence: 95%
Finding
The catch-all rule routing 'Everything else' to SSE creates an extremely permissive trigger surface, effectively allowing nearly any message to be forwarded into a powerful remote editing/chat backend. In a skill that can upload media, manipulate sessions, and invoke export workflows, this makes accidental or adversarial misuse substantially more likely.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill description emphasizes convenience and speed but does not clearly warn users up front that their uploaded media and prompts are sent to a third-party cloud processing API. For a media skill handling potentially sensitive videos and audio, insufficient disclosure undermines informed consent and increases privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
