video-transcript

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but its setup flow handles and persistently stores TranscriptAPI credentials in ways users should review first.

Install only if you are comfortable with a third-party TranscriptAPI service receiving the video URLs or IDs you submit and with an API key being stored for reuse. Prefer creating the TranscriptAPI account yourself, provide a dedicated low-privilege key through a secure secret mechanism, avoid sharing OTPs in chat when possible, and know how to rotate or remove the key later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
97% confidence
Finding
This document goes beyond a transcript-extraction skill by directing the agent to obtain credentials, create third-party accounts, and persist secrets across sessions. That expands the skill from content processing into credential handling and account lifecycle management, increasing the risk of unauthorized actions, secret exposure, and misuse of the agent environment.

Context-Inappropriate Capability

High
98% confidence
Finding
The guide explicitly authorizes the agent to register a third-party account, trigger email verification, and complete onboarding on the user’s behalf. For a video-transcript skill, this is unnecessary privilege expansion and normalizes having the agent handle sensitive identity and authentication flows unrelated to transcript extraction itself.

Context-Inappropriate Capability

Medium
90% confidence
Finding
The document instructs the agent to determine how to persist an environment variable for all future sessions and non-interactive shells. That broadens the credential’s lifetime and scope far beyond the immediate transcript task, increasing blast radius if the host, shell config, or agent runtime is compromised.

Missing User Warnings

Medium
95% confidence
Finding
The skill routes user-supplied YouTube URLs/IDs to TranscriptAPI.com and requires sending a bearer API key to that third-party service, but the user-facing description does not clearly disclose this external data transfer. This can mislead users about where their data goes and create privacy, consent, and enterprise data-handling risks, especially if sensitive or internal video links are provided.

Missing User Warnings

Medium
92% confidence
Finding
The guide tells the agent to store a live API key persistently and verify availability without warning the user about the security consequences of long-term storage in shell profiles, config files, or agent-managed environments. Users may unknowingly expose the key to other processes, future sessions, backups, or other operators on the same machine.

Missing User Warnings

Low
78% confidence
Finding
The flow asks the user to send a one-time verification code over chat without clarifying that it is sensitive authentication data intended only for this setup transaction. While OTPs are short-lived, collecting them through chat trains users to share login factors with an agent and could enable account takeover if the conversation is exposed or spoofed.

Ssd 3

High
98% confidence
Finding
The guide instructs the agent to ask the user to paste an API key directly into chat and, alternatively, to proceed through an OTP-based account setup flow. This normalizes credential collection through conversational channels, which are often logged, reviewable, or insufficiently isolated for handling secrets.

Ssd 3

High
97% confidence
Finding
The skill directs persistent retention of the obtained API key across future sessions, extending exposure far beyond the immediate need. Long-lived storage of user credentials in agent-accessible environments increases the chance of accidental disclosure, misuse by other skills or processes, and continued access after the user expects the interaction to be over.

VirusTotal

65/65 vendors flagged this skill as clean.