Easy Subtitles

Security checks across malware telemetry and agentic risk

Overview

This is a real cloud subtitle/video editing skill, but it is too broadly scoped and can send ambiguous prompts to a remote backend after automatic setup.

Install only if you are comfortable sending selected media files, editing prompts, and related metadata to NemoVideo and using a NEMO_TOKEN or anonymous token. Keep requests explicit, avoid sensitive/private media, and confirm before uploads, exports, or credit-consuming actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The manifest presents the skill as a narrow subtitle-generation tool, but the body documents a much broader media editing, upload, SSE command, state inspection, and cloud render pipeline. This scope expansion can mislead users and host platforms about what actions the skill may take, increasing the chance of unintended file handling, remote processing, and broader network/API use than expected.

Description-Behavior Mismatch

Low, 91% confidence
Finding
The advertised use case is video subtitle generation, but the accepted types include images and multiple audio-only formats beyond that declared scope. This mismatch can cause users to provide data they did not expect the skill to process and broadens the attack surface for cloud uploads and backend media handling.

Vague Triggers

Medium, 89% confidence
Finding
The invocation text includes generic prompts like 'tell me what you're thinking,' which are not tightly tied to subtitle generation. This can cause accidental activation from ordinary conversation and may trigger automatic setup, authentication, and network calls without a clear, specific user request for this skill.

Vague Triggers

Medium, 93% confidence
Finding
The routing table sends 'Everything else' to the SSE workflow, creating a catch-all execution path with weak constraints. In a skill that can upload media, maintain sessions, and issue backend editing commands, this increases the risk that unrelated or ambiguous user text is treated as actionable remote instructions.

Missing User Warnings

Medium, 95% confidence
Finding
The skill instructs users to share video files and describes cloud GPU processing, but it does not clearly warn that files and associated metadata are uploaded to a third-party cloud service. This creates a privacy and data-handling risk because users may expose sensitive media content, embedded metadata, or personal information without informed consent.

Missing User Warnings

Low, 88% confidence
Finding
The setup flow silently uses an environment token or generates an anonymous token for network access without clearly warning the user. Even if tokens are not displayed, undisclosed authentication behavior can surprise users and lead to unintended account/resource usage or attribution to the user's environment.

VirusTotal

66/66 vendors flagged this skill as clean.
