Ai Ai Subtitle Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud video subtitle/rendering workflow, but users should be aware that their media and prompts are sent to NemoVideo and that actions may consume credits.

Install only if you are comfortable sending selected videos, audio, images, URLs, prompts, and edit instructions to NemoVideo's cloud service. Ask the agent to confirm before uploads, exports, or credit-consuming actions, and avoid sensitive media unless you trust the provider's privacy and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill is marketed as a subtitle generator, but the documented behavior exposes a broader remote video-editing and rendering workflow with upload, state inspection, and export capabilities. This mismatch increases the risk of users and orchestrators granting broader permissions or sending content under a narrower trust assumption, which can lead to unexpected data exposure and over-privileged use of the backend.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation examples and trigger phrases are broad enough that ordinary language about generating videos or adding subtitles could activate the skill unintentionally. In a system that uploads media and contacts a remote API, accidental activation can cause unintended disclosure of files, prompts, or account-backed actions without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence: 93%
Finding
The catch-all routing rule sending 'everything else' to the SSE edit path is overly permissive and can misclassify unrelated user requests as instructions for the remote backend. Because the SSE path can trigger cloud-side processing and state changes, ambiguous fallback behavior materially increases the chance of unintended actions and data transfer.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to establish a backend connection, obtain or create tokens, and process user media through a remote cloud service without a clear, prominent disclosure to the user. This is dangerous because users may provide video files, prompts, and potentially sensitive media under the mistaken belief that processing is local or limited, resulting in unconsented third-party data transmission.

VirusTotal

VirusTotal findings are pending for this skill version.