YouTube Chinese Subtitle Burn-in

Security checks across malware telemetry and agentic risk

Overview

This skill, as disclosed, downloads and processes YouTube media to burn subtitles into video. It uses the media tools and project files you would expect for that job, and the scan found no evidence of hidden data access or destructive behavior.

Install it only if you want an agent to download and process YouTube media, run ffmpeg and yt-dlp, and write subtitle and video outputs to the local filesystem. Before use, confirm that you have the rights to transform the source video, state up front whether you want Chinese-only or bilingual subtitles (the workflow otherwise defaults to Simplified Chinese), and review any feedback updates the skill proposes to persist before repackaging it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            print(f"Window: start={start:.3f}s duration={duration:.3f}s subtitle_cues={len(selected)}")
            print(f"Render mode: {mode}")
            return 0
        result = subprocess.run(
            [
                "ffmpeg",
                "-y",
Confidence
87% confidence
Finding
result = subprocess.run( [ "ffmpeg", "-y", "-ss", f"{start:.3f}", "-t", f"{duration:
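The excerpt already uses the safer list form of subprocess.run, which is why this is rated Medium rather than High: nothing in the argument list is parsed by a shell. What a reviewer still wants to confirm is that the values next to -ss and -t cannot carry anything but numbers, that paths cannot be mistaken for ffmpeg options, and that the unconditional "-y" does not silently clobber existing files. The following is an added example of that hardened shape, not code from the skill; the file names, the libass subtitles filter, the one-day window cap and the character allow-list for the subtitle path are assumptions.

```python
import re
import shlex
import subprocess
from pathlib import Path

# Added example, not the skill's own code. Hardened shape of the ffmpeg call the
# finding flags: argv stays a list that never passes through a shell, every
# value is validated before it is placed next to an ffmpeg flag, and the "-y"
# overwrite flag is only emitted when the caller opts in.

MAX_SECONDS = 24 * 3600  # assumption: no clip window longer than a day
# Assumption: instead of escaping, the subtitle path is restricted to a
# conservative character set, because it is embedded in an ffmpeg filter
# string where ':' ';' ',' '[' ']' '\' and quotes all carry meaning.
SAFE_FILTER_PATH = re.compile(r"^[A-Za-z0-9_./-]+$")


def fmt_seconds(value, name):
    """Return value as the fixed-point string ffmpeg expects, or raise.

    Round-tripping through float() rejects strings such as "-ss", "$(id)" or
    "0; rm -rf /" that could otherwise land in argv as an option value.
    """
    try:
        seconds = float(value)
    except (TypeError, ValueError):
        raise ValueError(f"{name} must be numeric, got {value!r}") from None
    if not 0.0 <= seconds <= MAX_SECONDS:  # also rejects nan and inf
        raise ValueError(f"{name} out of range: {value!r}")
    return f"{seconds:.3f}"


def check_path(value, name):
    """Normalise a path and refuse ones ffmpeg would parse as an option."""
    text = str(Path(value))
    if text.startswith("-"):
        raise ValueError(f"{name} must not start with '-': {text!r}")
    return text


def build_burn_in_argv(source, subtitles, output, start, duration, overwrite=False):
    """Build the argv for a hard-subtitle render of one time window."""
    src = check_path(source, "source")
    subs = check_path(subtitles, "subtitles")
    out = check_path(output, "output")
    if not SAFE_FILTER_PATH.match(subs):
        raise ValueError(f"subtitle path has characters unsafe in a filter string: {subs!r}")
    if Path(out).exists() and not overwrite:
        raise FileExistsError(f"refusing to overwrite {out!r} without overwrite=True")
    return [
        "ffmpeg",
        "-y" if overwrite else "-n",  # -n makes ffmpeg fail rather than clobber
        "-ss", fmt_seconds(start, "start"),
        "-t", fmt_seconds(duration, "duration"),
        "-i", src,
        "-vf", f"subtitles={subs}",  # assumes an ffmpeg build with libass
        out,
    ]


def run_burn_in(argv, timeout=900):
    """Run the validated argv. With shell=False no shell ever parses it, so
    ';', '$(...)' or backticks inside an argument are just bytes to ffmpeg."""
    return subprocess.run(
        argv, shell=False, check=True, capture_output=True, text=True, timeout=timeout
    )


if __name__ == "__main__":
    argv = build_burn_in_argv("clip.mp4", "clip.zh.srt", "clip.burnin.mp4", 12.5, 3)
    print("would run:", shlex.join(argv))
```

The same checks transfer to the yt-dlp call the skill also makes: pass the URL as one list element after a "--" separator so a URL beginning with "-" cannot be read as a flag, and never build the command as a single string.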

Underdeclared Capability

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill directs the agent to read and write many project files and invoke shell tools like ffmpeg, yt-dlp, and Python scripts, but it does not declare corresponding permissions. That creates a capability/permission mismatch where operators or policy layers may underestimate what the skill can do, reducing transparency and weakening review and containment.
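The practical check behind this finding is a diff: what the instructions actually ask the agent to run and write, versus what the skill declares. Below is an added example of such a check, not the skill's code or NVIDIA's scanner. The declaration shape (a dict with a "tools" set and a "writes_files" flag) and the list of tracked tools are assumptions; the skill text and manifest in it are constructed, not the real skill's.

```python
import re

# Added example, not the skill's or NVIDIA's code: a capability-vs-declaration
# diff of the kind the finding calls for. It lists the shell tools and file
# writes a skill's instructions ask the agent to perform and compares them
# with what the skill declares. The declaration shape below (a dict with a
# "tools" set and a "writes_files" flag) is an assumption, not a real
# manifest format; map it onto whatever your agent runtime actually reads.

# Assumption: the external tools worth tracking for a media-processing skill.
KNOWN_TOOLS = ("ffmpeg", "ffprobe", "yt-dlp", "python3", "python")
TOOL_RE = re.compile(
    r"(?<![\w./-])(" + "|".join(re.escape(t) for t in KNOWN_TOOLS) + r")(?![\w-])"
)
# Verbs that indicate the instruction creates or modifies files on disk.
WRITE_RE = re.compile(
    r"\b(write|writes|save|saves|create|creates|overwrite|overwrites|append|appends)\b",
    re.I,
)


def observed_capabilities(skill_text):
    """Return the tools invoked and the instruction lines that write files."""
    tools, writes = set(), []
    for line in skill_text.splitlines():
        tools.update(m.group(1) for m in TOOL_RE.finditer(line))
        if WRITE_RE.search(line):
            writes.append(line.strip())
    return tools, writes


def audit_skill(skill_text, declared):
    """Diff what the instructions use against what the manifest declares."""
    tools, writes = observed_capabilities(skill_text)
    declared_tools = set(declared.get("tools", ()))
    return {
        "declared_tools_used": tools & declared_tools,
        "undeclared_tools": tools - declared_tools,
        "undeclared_file_writes": [] if declared.get("writes_files") else writes,
    }


# Constructed sample: a condensed skill instruction block and a manifest
# that only admits to ffmpeg (not the real skill's text or manifest).
SKILL_TEXT = """\
1. Run yt-dlp to fetch the source video and its auto-generated captions.
2. Run ffmpeg with -ss/-t to cut the window and burn in the translated .srt.
3. python3 scripts/render.py writes feedback.md and the final .mp4 next to it.
"""
DECLARED = {"tools": {"ffmpeg"}, "writes_files": False}

if __name__ == "__main__":
    report = audit_skill(SKILL_TEXT, DECLARED)
    for key, value in report.items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

A non-empty "undeclared_tools" or "undeclared_file_writes" is exactly the mismatch the finding describes: a policy layer reading only the declaration would approve the skill for less than it does. Running the check on every version before repackaging keeps the declaration honest as the instructions evolve.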

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough to match many generic requests about subtitles, translation, thumbnails, descriptions, and feedback handling, not just the narrowly intended YouTube burn-in workflow. Over-broad routing can activate a shell-capable, file-writing skill in contexts where a simpler, lower-privilege skill would suffice, increasing the chance of unnecessary downloads, file modification, or processing of untrusted inputs.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The workflow explicitly defaults to producing Simplified Chinese hard-subtitled output for any user who provides only a URL, without first obtaining clear consent for translation, subtitle language, or media modification. This can cause unauthorized transformation of third-party content, user surprise, and accidental disclosure or publication of altered outputs that the user did not intend to create.

VirusTotal

VirusTotal findings are pending for this skill version.
