Subtitle Generator Extension Chrome

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is a disclosed cloud video subtitle/rendering workflow. Users should treat uploaded media, URLs, prompts, and render metadata as data that is sent to NemoVideo's remote service, not processed locally.

Install only if you are comfortable sending selected video/audio files, video URLs, prompts, and render metadata to NemoVideo cloud APIs. Use a short-lived anonymous token when possible, avoid private or sensitive media unless you trust the provider, and confirm ambiguous requests before allowing uploads, SSE edits, or exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill is presented as a subtitle generator, but the documented behavior exposes a much broader remote video editing and rendering capability, including general edits, asset manipulation, and export workflows. This scope mismatch can mislead users and reviewers about what data and actions the skill can perform, increasing the risk of unexpected processing or misuse of uploaded media.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The skill includes support for broad media editing actions such as aspect ratio changes, overlays, audio changes, and generic edit routing that are not justified by its subtitle-focused purpose. Overbroad action scope creates a mismatch between user expectations and actual authority, which can enable unintended content modification or abuse of the connected backend.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding
Allowing uploads by remote URL expands the data-ingestion surface beyond user-supplied local files described in the manifest. This can enable unanticipated fetching of third-party or internal resources, and at minimum it weakens transparency about what content source types the skill may send to the backend.
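
The check a reviewer would want for the remote-URL ingestion path above is an SSRF guard: only fetch over HTTPS, refuse embedded credentials, resolve the host, and reject anything that lands on a loopback, link-local, private, or otherwise non-public address. The following is an added example written for this page, not code from the skill, NemoVideo, or SkillSpector; the function names, the `CONSTRUCTED_DNS` table, and the sample IP addresses are all assumed for the demo so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Only TLS-protected fetches are allowed; file, ftp, gopher and plain http are refused.
ALLOWED_SCHEMES = {"https"}


def resolve_with_system_dns(host):
    """Resolve host to a sorted list of IP strings using the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip):
    """True only for addresses routable on the public internet."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 exactly like 127.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_upload_url(url, resolver=resolve_with_system_dns):
    """Return (allowed, reason, resolved_addresses) for a remote-URL upload.

    `resolver` is injectable so the check can run against a constructed DNS
    table in tests; production callers keep the system resolver default.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r is not allowed" % parsed.scheme, []
    if parsed.username is not None or parsed.password is not None:
        return False, "credentials embedded in URL", []
    host = parsed.hostname
    if not host:
        return False, "URL has no host", []
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except OSError as exc:
            return False, "DNS resolution failed: %s" % exc, []
    if not addrs:
        return False, "host resolved to no addresses", []
    resolved = [str(a) for a in addrs]
    # Every address must be public: a host with one public and one internal
    # record is still a way to reach the internal one.
    for ip in addrs:
        if not is_public_address(ip):
            return False, "%s resolves to non-public address %s" % (host, ip), resolved
    return True, "ok", resolved


# Constructed DNS table for the offline demo; these are not real records.
CONSTRUCTED_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "build.internal.example": ["10.20.30.40"],
    "rebind.example.net": ["93.184.216.34", "127.0.0.1"],
}


def table_resolver(host):
    """Resolver backed by CONSTRUCTED_DNS; unknown names fail like NXDOMAIN."""
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise OSError("NXDOMAIN for %s" % host) from None


if __name__ == "__main__":
    for candidate in (
        "https://cdn.example.com/clip.mp4",
        "https://build.internal.example/clip.mp4",
        "https://169.254.169.254/latest/meta-data/",
        "https://[::ffff:127.0.0.1]/clip.mp4",
        "file:///etc/passwd",
    ):
        allowed, reason, _ = check_upload_url(candidate, resolver=table_resolver)
        print("ALLOW " if allowed else "REJECT", candidate, "-", reason)
```

Two caveats apply to any such guard. The address that passed the check is the one the fetcher must connect to; if the HTTP client re-resolves the name at connect time, a DNS answer that changes between the two lookups (rebinding) defeats the check, so pin the vetted address or resolve inside the client. The same check must be repeated on every redirect target, since a public host can 302 to an internal one.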

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The phrase "tell me what you're thinking" is overly broad and can cause the skill to activate on ordinary conversation unrelated to subtitle generation. Ambiguous activation increases the chance of unintended routing, accidental remote processing, and confusion about when user content is being sent to an external service.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The catch-all rule routing "Everything else" to SSE gives the skill an extremely loose activation boundary, effectively treating most unmatched input as an instruction to the backend. In a skill that can upload, edit, and export remote media, this makes unintended actions more likely and reduces meaningful user control.
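
The two trigger findings above (the conversational phrase "tell me what you're thinking" and the "Everything else" catch-all) are easiest to see by simulating the routing. The following added example, written for this page and not taken from the skill's manifest, models a loose rule set with the same shape as the findings describe next to a tightened one that defaults to asking locally, and checks which rules match every possible input while still sending it to the backend. The rule patterns, action names, and `SAMPLE_MESSAGES` are all constructed for the demo.

```python
import re

# Constructed stand-ins for the two trigger styles; rules are (regex, action),
# tried in order, first match wins.  They are not the skill's real rules.
LOOSE_RULES = [
    (r"subtitle|caption", "subtitle_job"),
    (r"tell me what you're thinking", "subtitle_job"),   # the vague trigger
    (r".*", "sse_backend"),                               # "Everything else"
]

STRICT_RULES = [
    (r"\b(subtitle|caption)s?\b.*\b(video|clip|file)\b", "subtitle_job"),
    (r"\b(render|export|edit)\b.*\b(video|clip)\b", "confirm_then_sse"),
    (r".*", "clarify_locally"),                           # default: ask, send nothing
]

# Actions that send user content to the remote service without a confirmation step.
UNCONFIRMED_REMOTE = {"sse_backend", "subtitle_job"}

SAMPLE_MESSAGES = [  # constructed conversation snippets
    "add subtitles to this clip",
    "what's the weather tomorrow?",
    "tell me what you're thinking about the meeting notes",
    "export the final video as mp4",
    "summarize this pdf for me",
]


def route(message, rules):
    """Return the action the first matching rule selects."""
    for pattern, action in rules:
        if re.search(pattern, message, re.IGNORECASE):
            return action
    return "clarify_locally"


def catch_all_rules(rules):
    """Indices of rules that match every probe, i.e. impose no real boundary."""
    probes = ["", "hello", "what is 2+2", "x" * 50]
    return [i for i, (pattern, _) in enumerate(rules)
            if all(re.search(pattern, p, re.IGNORECASE) for p in probes)]


def unmatched_routed_remotely(rules):
    """Catch-all rules whose action ships unmatched input to the backend."""
    return [i for i in catch_all_rules(rules) if rules[i][1] in UNCONFIRMED_REMOTE]


def remote_share(messages, rules):
    """Fraction of messages that reach the remote service with no confirmation."""
    hits = sum(route(m, rules) in UNCONFIRMED_REMOTE for m in messages)
    return hits / len(messages)


if __name__ == "__main__":
    for name, rules in (("loose", LOOSE_RULES), ("strict", STRICT_RULES)):
        print(name, "catch-all->remote:", unmatched_routed_remotely(rules),
              "remote share:", remote_share(SAMPLE_MESSAGES, rules))
        for m in SAMPLE_MESSAGES:
            print("   ", route(m, rules).ljust(16), m)
```

The loose set sends every sample message to the backend, including the weather question and the "tell me what you're thinking" small talk, because the last rule turns any unmatched input into a backend instruction. The strict set keeps its catch-all but points it at a local clarification step, so only an explicit subtitle request on a named clip leaves the machine unprompted, and render or export requests wait for confirmation.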

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Although the document mentions server-side rendering, it does not provide a clear upfront warning that uploaded video and related content are transmitted to a remote third-party processing API. For media files, this is a meaningful privacy and data-handling concern because users may assume browser-local processing from the skill framing.

VirusTotal

63/63 vendors reported this skill as clean (0 detections).
