ClawHub
Back to skill

Security audit

srt2md

Security checks across malware telemetry and agentic risk

Overview

This skill coherently converts SRT subtitles into Markdown documents, with a disclosed research-enrichment step users should skip for private transcripts.

Use normally for public videos and non-sensitive subtitles. For private meetings, unpublished material, or transcripts containing personal information, tell the agent to skip Stage 3 web search so derived keywords, names, or topics are not sent to search tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill metadata promises processing that is fully handled within the current session, but this file instructs the agent to use external search engines and fallback web search. That creates a capability/expectation mismatch that can cause unannounced outbound data use, privacy leakage from subtitle-derived queries, and broader behavior than users consented to.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
A skill whose stated purpose is SRT-to-Markdown conversion is being instructed to perform proactive network research and enrich output with external material. This expands the attack surface from local transformation to web interaction, increasing risks of data exfiltration, prompt-scope creep, and incorporation of untrusted external content into the final document.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger conditions are broad enough to match ordinary discussion of subtitles or document conversion, which can cause the skill to activate in contexts the user did not intend. Over-broad invocation increases the chance of unnecessary file handling, unintended workflow execution, or misrouting user requests away from more appropriate skills.

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal