Security audit

Ffmpeg Chinese Subtitle

Security checks across malware telemetry and agentic risk

Overview

This is a local media-processing skill for adding Chinese subtitles and creating simple ffmpeg videos, with no evidence of hidden network, credential, persistence, or destructive behavior beyond normal output-file writes.

Install Pillow and ffmpeg/ffprobe only from trusted sources. Use this on media files you intend to process, and choose output paths carefully because the example ffmpeg commands can overwrite existing files without prompting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 72%
Finding: The skill metadata declares no permissions, yet the analyzed capability set indicates file writing and shell execution. This creates a trust gap: users and orchestrators may invoke the skill believing it is low-risk documentation or image processing, while the underlying implementation can execute commands and modify files. In a skill ecosystem, undeclared execution capabilities weaken sandboxing and consent boundaries.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The declared purpose is narrowly about rendering Chinese subtitles onto images, but the behavior reportedly also merges videos, adds and mixes background music, and probes media metadata. That mismatch is security-relevant because it hides broader media-processing and command-execution functionality behind an innocuous description, increasing the chance of unexpected file access, shell use, and misuse in automated agent routing.

VirusTotal

66/66 vendors flagged this skill as clean.