Subtitle Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud subtitle and video-rendering skill, but users should understand that media and prompts may be sent to NemoVideo's backend.

Install only if you are comfortable sending video files, audio, images, remote URLs, and editing prompts to mega-api-prod.nemovideo.ai for cloud processing. Avoid confidential, sensitive, or copyrighted media unless you trust that service's privacy and retention practices, and use explicit prompts so unrelated requests are not routed into the editing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest and top-level framing present the skill as a subtitle generator, but the documented behavior enables broader media editing and timeline manipulation. This scope mismatch can mislead users and host platforms about what the skill will do, increasing the chance of overbroad invocation, unintended processing, and consent/privacy issues when users provide media under narrower expectations.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The user-facing description suggests uploading local video files, but the documented API also accepts remote URLs and non-video assets such as images and audio. That discrepancy matters because URL ingestion can fetch third-party resources and non-video asset support materially expands what user content may be transmitted and processed by the cloud service.

Vague Triggers

Medium
Confidence: 84%
Finding
The getting-started prompt encourages broad, generic phrases that can match ordinary conversation rather than an intentional request to invoke this skill. In an agent environment, that raises the risk of accidental activation and unintended media upload or backend session creation without clear user intent.

Vague Triggers

Medium
Confidence: 93%
Finding
The catch-all rule routes nearly all remaining prompts, including generic edit requests, into the SSE workflow. This is overly permissive and can cause unrelated requests to be sent to the external backend, expanding the chance of unintended third-party data disclosure and actions outside the user's expected scope.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill does not prominently warn users that uploaded media and prompt content are sent to a cloud backend for processing. Since videos commonly contain sensitive personal, corporate, or copyrighted material, lack of clear disclosure undermines informed consent and can lead to unintended exposure of user data to a third party.

VirusTotal

66/66 vendors flagged this skill as clean.
