ClawHub

Ai Subtitles Free

Security checks across malware telemetry and agentic risk

Overview

This skill is a remote video captioning/editing connector, but it automatically creates backend sessions and has broad routing that could send more prompts or media to the service than a user may expect.

Install only if you are comfortable sending video/audio files, prompts, timeline state, and render metadata to nemovideo.ai for cloud processing. Avoid sensitive media unless you trust that service, and expect the skill to create or use a token/session automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is marketed narrowly as a subtitle generator, but the instructions expose a much broader remote video-editing and media-processing capability set, including editing, uploads, state management, and rendering. This mismatch undermines informed consent and can cause the agent to perform actions users did not reasonably expect from the advertised purpose, increasing the risk of over-collection and unintended remote processing.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to silently acquire anonymous tokens and create backend sessions, which introduces autonomous authentication behavior beyond simple local subtitle generation. This is dangerous because it enables the skill to establish third-party service access and transmit user media/prompts without explicit, informed user approval for account/session creation and remote processing.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invitation language is extremely broad and encourages users to 'just tell me what you're thinking,' which can activate the skill from vague, non-specific conversation. Overbroad activation increases the chance of unintended invocation and subsequent transmission of user content to remote services without clear user intent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The keyword-routing rules are ambiguous and broad, mapping generic terms like 'status,' 'upload,' and other intent-like phrases to operational actions. Such loose routing can cause accidental action selection, especially in conversational contexts where these words appear without intent to use the skill.

Vague Triggers

High
Confidence
97% confidence
Finding
Routing 'everything else' to the main SSE action creates an effectively unbounded catch-all trigger, allowing arbitrary user text to be forwarded into the remote backend workflow. In this skill's context, that is especially dangerous because the backend can interpret broad editing commands and operate on uploaded media, making unintended remote actions much more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not prominently warn users that their media files, prompts, and session data are sent to a remote third-party backend for processing. This is a meaningful privacy and transparency failure because users may believe the operation is local or limited to simple captioning, while sensitive audio/video content is actually uploaded and processed externally.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
Forcing session creation with `language":"en"` without user choice can lead to incorrect language handling, reduced accuracy, and unintended processing assumptions for non-English users. While not as severe as authentication or disclosure issues, it still violates user expectation and can degrade output or mishandle multilingual content.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal