ClawHub

Youtube and Bilibili Subtitle Extraction and Summary

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised video subtitle work, but it can automatically install tools, read and save Bilibili browser login cookies, and write transcripts without a clear consent step.

Install only if you are comfortable with local transcript storage, automatic yt-dlp installation/update, and Bilibili access using Chrome-derived login cookies. Prefer preinstalling a trusted yt-dlp version, setting BILIBILI_COOKIES_FILE to a dedicated restricted path, and deleting the cookies file after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill accesses authenticated Bilibili cookies from Chrome/keychain and persists them to a file, which goes beyond simple subtitle extraction and introduces credential-handling risk. Even if intended to improve subtitle coverage, reading browser-derived session material can expose account access, private viewing context, and sensitive authentication data if the file is reused, leaked, or read by other processes.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill declares that any matching YouTube/Bilibili URL should trigger immediate activation and explicitly discourages using other tooling, which makes invocation overly broad and hard for users to anticipate. This increases the chance that the skill performs network access, file writes, or credential-related behavior without a deliberate user decision in contexts where the user only mentioned a URL.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The listed trigger phrases are common conversational requests and can cause accidental invocation in ordinary dialogue, especially in multilingual settings. Because this skill performs persistent writes and may attempt authenticated subtitle retrieval, unintended activation meaningfully increases privacy and safety risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs browser-derived cookie access without an upfront user-facing warning that it will read authentication material from Chrome/keychain. Users may reasonably expect subtitle extraction to be unauthenticated, so this creates a serious consent and privacy gap around sensitive credential use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill persists full transcripts and summaries to disk but does not provide an upfront warning that user-requested content will be stored locally. Persistent storage can create privacy, retention, and data-governance issues, especially if videos contain personal, private, or copyrighted material.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal