v1.0.0

subtitle-extractor

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

The skill is mostly coherent for subtitle extraction, but it uses exported browser cookies for logged-in video access and makes an overly broad privacy claim about those cookies.

Guidance: Review the cookie handling before installing. Only provide cookies for accounts and platforms you are comfortable using, understand that they authenticate external platform requests, and delete both cookie files and generated subtitle outputs when they contain sensitive information.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
Cookie files are read locally only, never transmitted externally. ... Bilibili requires a cookie file for all requests.

The wording can mislead users: cookies are used to authenticate requests to external video platforms, even if the skill is not shown sending them to an unrelated telemetry endpoint.

User impact: A user may underestimate that exported cookies can represent their logged-in account session during platform access.
Recommendation: Clarify that cookies are used for authentication with the relevant video platform and are not merely inert local files; ask users to consent before using them.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
subtitle-extractor.py
snapshot_download(f'pkufool/faster-whisper-{model_size}', local_dir=str(target_dir), ...)

The transcription path can download Whisper model files from an external ModelScope repository without a pinned checksum. This is expected for transcription but is still a supply-chain dependency.

User impact: First-time transcription may trust and download external model artifacts.
Recommendation: Use trusted package/model sources, consider pinning model versions or checksums, and prefer a local verified model for sensitive workflows.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
EXECUTION ORDER — NON-NEGOTIABLE ... Steps 1–4 in this skill MUST be completed in full before addressing any user request.

The skill uses strong ordering language that forces extraction and saving before the agent handles the user's final requested task. This is coherent with the subtitle-extraction purpose but should be visible to users.

User impact: The agent may create subtitle files and run prerequisite checks even when the user mainly asked for a summary or translation.
Recommendation: Keep this workflow limited to explicit subtitle/video-processing requests and let users know when files will be created.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
subtitle-extractor.py
for f in sorted(skill_dir.glob('*.txt')): ... if 'bilibili' in f.name.lower(): ... return str(f.resolve()) ... if cookie_file: cmd += ['--cookies', cookie_file]

The code automatically discovers Bilibili cookie files in the skill directory and passes cookie files to yt-dlp. Platform cookies are account session credentials, while the registry metadata states there is no primary credential.

User impact: If you place an exported browser cookie in the skill directory, the skill can use that logged-in session for video-platform requests.
Recommendation: Use only a narrowly exported cookie for the intended platform, keep it out of shared folders, delete it after use, and prefer a registry declaration that explicitly lists cookie credentials.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Agent saves subtitle to `outputs/` ... The subtitle file MUST be saved to disk

The skill intentionally persists extracted subtitle text locally before the agent summarizes, translates, or analyzes it.

User impact: Subtitles or transcripts from private videos or local files may remain on disk after the task.
Recommendation: Review and delete generated subtitle files when they contain sensitive content, and treat extracted captions as untrusted text.