Ai Subtitles Generator

Security checks across malware telemetry and agentic risk

Overview

This looks like a real cloud subtitle/video rendering skill, but it needs Review because it automatically creates remote sessions and handles broader editing requests than its subtitle-focused description suggests.

Review before installing. Use this only if you are comfortable sending selected videos, images, audio, and edit instructions to mega-api-prod.nemovideo.ai. Keep NEMO_TOKEN private because it authorizes credits, uploads, sessions, and exports, and avoid sensitive media unless you trust the provider’s privacy and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The skill is presented as a subtitle generator, but the documented API surface and routing behavior support much broader video editing, media manipulation, and export workflows. This mismatch weakens user consent and platform control boundaries because users or host systems may grant the skill access expecting narrow captioning functionality while it can perform materially broader operations.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill instructs the agent to automatically obtain anonymous authentication tokens from a remote service when no local credential is present. That gives the skill a self-service credential acquisition path unrelated to a minimal local subtitle transformation flow, enabling external account/session creation and remote processing without clear user authorization.

Vague Triggers

Medium (90% confidence)
Finding
Routing 'everything else' to the SSE editing path creates an overly broad catch-all trigger that can capture unrelated user requests. In an agent environment, this increases the chance of accidental invocation, unintended data transfer to the backend, and execution of remote actions outside the user’s subtitle-generation intent.

Natural-Language Policy Violations

Medium (83% confidence)
Finding
Hard-coding the session language to English without user choice can cause user input and backend processing to be handled under the wrong language context. In this skill, that is mainly a consent and correctness issue, but it can also increase the chance that user content is misinterpreted and sent to the remote service in an unintended way.

VirusTotal

65/65 vendors flagged this skill as clean.
