ClawHub

Subtitle Generator Chrome Extension

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video captioning/editing workflow, but users should be careful because it sends selected media and prompts to a third-party backend.

Install only if you are comfortable sending selected video files and editing prompts to mega-api-prod.nemovideo.ai and using or generating a NEMO_TOKEN that may consume service credits. Avoid confidential, regulated, or unpublished media unless you separately trust the provider's privacy and retention practices, and confirm uploads or exports when a request is ambiguous.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest presents the skill as a subtitle generator, but the documented behavior exposes a much broader remote video-editing and rendering interface, including upload, state inspection, credits, and export workflows. This scope mismatch can mislead users and host platforms about what data and actions the skill can perform, increasing the risk of unintended file handling and overbroad backend access.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill includes token acquisition, session creation, and credit-balance operations that go beyond a simple subtitle-generation function and introduce account-like workflow handling. Even if intended for service operation, these capabilities expand the attack surface by enabling identity/session manipulation and backend resource consumption without being clearly justified to the user.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The instruction 'Or just describe what you're after' is overly broad for a skill that can upload files and send arbitrary prompts to a cloud SSE backend. Loose invocation criteria make accidental activation and prompt overreach more likely, allowing unrelated user requests to be forwarded into a powerful remote editing workflow.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The routing table sends 'Everything else' to SSE processing, which effectively grants a broad free-form command channel to the remote service. In context, this is more dangerous because the backend supports editing, state, upload, and export behaviors, so ambiguous matching can cause unintended data processing or actions beyond subtitles.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill asks users to send video files to a cloud backend but does not provide a clear privacy or data-handling notice describing where files go, how long they are retained, or who can access them. Because videos may contain sensitive audio, faces, locations, or proprietary content, omission of this disclosure meaningfully increases privacy and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal