Free Bilibili Ai Subtitle

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it sends videos and broad prompts to a third-party cloud video backend with scope and consent gaps.

Review this carefully before installing. Use it only with videos you are comfortable sending to NemoVideo, prefer a dedicated NEMO_TOKEN, and confirm uploads/exports before proceeding. Avoid private, confidential, biometric, copyrighted, or business-sensitive media unless you trust the provider and understand its retention and account policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The manifest and top-level description frame the skill as a narrow Bilibili subtitle tool, but the documented behavior exposes a much broader cloud video editing, session, upload, state, and render workflow. This mismatch can mislead users and host systems about the skill’s actual capabilities, increasing the chance of overbroad routing, unintended data transfer, and use beyond the declared purpose.

Context-Inappropriate Capability

Low
Confidence: 83%
Finding:
The skill includes token handling, session creation, and credit-balance checks that go beyond a simple subtitle-generation flow. While these may support backend operation, exposing account-like operations without clearly tying them to the stated purpose creates unnecessary privilege surface and can normalize hidden service interactions.

Vague Triggers

High
Confidence: 97%
Finding:
Routing 'everything else' to the SSE backend makes the skill effectively a broad catch-all for arbitrary user prompts. This can cause the skill to activate outside its stated domain and forward unrelated user requests to a third-party cloud service, creating data exposure and prompt-scope expansion risks.

Vague Triggers

Medium
Confidence: 88%
Finding:
The invocation guidance includes the vague phrase 'Or just tell me what you're thinking,' which encourages broad, non-specific activation. In combination with remote backend processing, this increases the likelihood that unrelated user content or requests are sent to the service without clear intent or informed consent.

Missing User Warnings

High
Confidence: 98%
Finding:
The skill asks users to drop video files in chat and emphasizes easy cloud processing, but it does not prominently warn that uploaded media and prompts are sent to a third-party backend. Because videos may contain sensitive personal, biometric, copyrighted, or confidential content, omission of clear disclosure undermines informed consent and materially raises privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.
