ClawHub

Video Subtitle Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a user-directed subtitle downloader whose network access and local file output fit its stated purpose, with some usability and disclosure gaps users should understand.

Install it in a virtual environment, use a dedicated output folder, and test one URL before batch mode. Only process videos you have rights or permission to download or transcribe, and confirm the yt-dlp options if you want subtitles only rather than any full media download.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad, common user expressions that can plausibly appear in ordinary conversation, increasing the chance the skill activates unintentionally. In a skill that performs downloading, transcription, and file output, accidental invocation can cause unwanted network access, processing of user-supplied URLs, and creation of local artifacts without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description promotes subtitle downloading, transcription, and local file generation but omits warnings about copyright restrictions, privacy implications of processing audio/video content, and where files are stored. This can lead users to process protected or sensitive material without informed consent, and the local output behavior may expose data on shared systems or overwrite files if not handled safely by implementation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal