Subtitle Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill uses a cloud video service and may do broader video editing/rendering than its subtitle-downloader name suggests.

Install only if you are comfortable sending video files, prompts, and related session data to NemoVideo's cloud backend. Use non-sensitive media unless you have verified the provider's privacy and retention terms, and expect the skill may perform broader video editing/rendering actions rather than only returning subtitle files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Description-Behavior Mismatch

High

Confidence: 96% confidence
Finding: The skill is presented as a subtitle downloader, but the documented behavior exposes a much broader remote video editing and rendering pipeline. This scope mismatch can mislead users and reviewers about what data, capabilities, and backend actions are actually being invoked, increasing the risk of unauthorized or unexpected remote processing.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The documentation grants broad media editing capabilities such as timeline manipulation, overlays, aspect ratio changes, and audio handling that are not justified by a subtitle-downloading purpose. This unnecessary expansion of functionality increases attack surface and enables unintended processing beyond the user's likely expectation.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: Supporting many unrelated file types and media inputs exceeds the stated subtitle-downloader function and broadens the skill into a general media processor. That increases the chance of users submitting sensitive or unsupported content under misleading assumptions about what the skill does.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The catch-all routing rule sends essentially all other prompts to the SSE backend, which can cause the skill to process requests far outside its intended subtitle-downloader scope. This makes it easier to trigger undocumented remote operations and undermines principle-of-least-functionality.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to upload user video files and request contents to remote backend services, but does not clearly warn users about this transmission in the user-facing description. This is a privacy and transparency issue because users may provide sensitive media without informed consent about external processing.

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The documentation notes internally that closing the tab can orphan jobs, but the user-facing guidance does not clearly warn users before export begins. This can lead to disrupted processing, lost outputs, or confusion, though it is primarily a reliability and usability concern rather than a direct security compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal