Subtitle Generator By Link

Security checks across malware telemetry and agentic risk

Overview

This is a real cloud subtitle and video-rendering skill, but it can automatically create third-party sessions and send videos, URLs, and broad prompts to an external backend with weak user-facing consent and scoping.

Install only if you intend to use Nemovideo's cloud service and are comfortable sending video links, uploaded media, prompts, and project/render state to that provider. Prefer a dedicated NEMO_TOKEN, avoid confidential or sensitive media unless you have reviewed the provider's terms, and require confirmation before uploads, URL submission, session creation, or export jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium (90% confidence)

The skill is presented as a narrow subtitle-from-link tool, but the instructions expose a much broader cloud video editing and rendering capability. This scope expansion increases the chance of unintended use, overly permissive routing, and user misunderstanding about what content and actions are being sent to a third-party backend.

Context-Inappropriate Capability

Low (79% confidence)

The skill includes anonymous token acquisition and credit/session management features that exceed what a simple subtitle-by-link workflow appears to require. While not inherently malicious, this broadens backend access and enables account/resource consumption without clear user awareness or least-privilege boundaries.

Vague Triggers

Medium (84% confidence)

The getting-started prompt is vague enough that common conversational phrases could activate the skill without clear user intent. In a skill that can initiate remote API sessions and send user-provided URLs/content to a third party, broad invocation language raises the risk of accidental triggering and unintended data transmission.

Vague Triggers

Medium (91% confidence)

The catch-all routing rule sends 'everything else' to the SSE action, which is an overly broad trigger for a backend capable of editing, uploading, and rendering media. This can cause unrelated or ambiguous user input to be treated as actionable instructions and forwarded to the external service.

Missing User Warnings

Medium (93% confidence)

The skill does not clearly warn users that their video URLs, uploaded media, and prompts are transmitted to a third-party backend for processing. This is a meaningful privacy and consent issue, especially because linked videos or uploads may contain sensitive, proprietary, or personal content.

Missing User Warnings

Low (76% confidence)

The documentation notes that render jobs may continue and be orphaned if the tab is closed, but it does not provide a clear user-facing warning or consent step around this persistence. Users may incorrectly assume processing stops when they leave, creating privacy, cost, and resource-usage surprises.

Natural-Language Policy Violations

Medium (81% confidence)

Forcing session language to English without user choice can lead to incorrect transcription/subtitle behavior, mishandling of non-English content, and reduced accuracy for user data sent to the backend. In a subtitle-generation context, language selection is security-relevant insofar as it affects integrity and user expectations around processing sensitive media correctly.

VirusTotal

65/65 vendors flagged this skill as clean.
