ClawHub

Online Subtitle

Security checks across malware telemetry and agentic risk

Overview

This subtitle skill is not clearly malicious, but it sends user media to a third-party cloud video-editing backend with broad automatic routing that users should review before installing.

Install only if you trust Nemo Video's cloud service with the media you provide. Use explicit subtitle/video-editing prompts, keep NEMO_TOKEN private, and avoid uploading confidential, private, or proprietary videos unless you understand the service's retention and privacy terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is advertised as a subtitle tool, but the documented behavior enables general-purpose cloud video editing, rendering, upload, state inspection, and export workflows. This scope mismatch can mislead users and reviewers about what the skill actually does, increasing the chance of unintended data exposure and overbroad operation on user-provided media.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The opening guidance invites very broad input such as sharing files or vague requests, which can cause the skill to activate on ambiguous prompts without clear user intent. In a skill that uploads files to a cloud backend and creates sessions automatically, unintended invocation can lead to unnecessary transmission of user media or consumption of service credits.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The routing table includes a catch-all rule that sends nearly everything else to the SSE chat/edit pipeline, effectively granting broad backend action coverage with minimal scope constraints. Because the backend supports general editing operations beyond subtitles, ambiguous user text could trigger unintended remote actions, file processing, or state mutations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that it connects to a cloud backend and encourages file sharing, but it does not present a clear, explicit warning that user videos will be uploaded to a third-party remote service for processing. For media files, this is a meaningful privacy and data-handling concern because users may upload sensitive or proprietary content without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal