Voice Recognition

Security checks across malware telemetry and agentic risk

Overview

This is a local speech-to-text skill, but its installer can unexpectedly modify the host Python environment and its offline/privacy claims are overstated.

Review before installing. Use this only in an isolated virtual environment, avoid running the bundled installer as-is on a managed/system Python, and expect network access for package and model downloads before transcription can run offline. Consider removing the /tmp import fallback and pinning dependencies before using it in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
)
    if result.returncode != 0:
        print(f"  ⚠️  Retrying torch install...")
        result = subprocess.run(
            [pip_path, 'install', '--break-system-packages', 'torch',
             '--index-url', 'https://download.pytorch.org/whl/cpu'],
            capture_output=True, text=True
Confidence
89% confidence
Finding
result = subprocess.run( [pip_path, 'install', '--break-system-packages', 'torch', '--index-url', 'https://download.pytorch.org/whl/cpu'], capture_output=T

subprocess module call

Medium
Category
Dangerous Code Execution
Content
)
        if result.returncode != 0:
            print(f"  ⚠️  pip failed, trying with --break-system-packages...")
            result = subprocess.run(
                [pip_path, 'install', '--break-system-packages', pkg],
                capture_output=True, text=True
            )
Confidence
91% confidence
Finding
result = subprocess.run( [pip_path, 'install', '--break-system-packages', pkg], capture_output=True, text=True )

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README repeatedly claims the skill is '100% private', 'No internet required', and '100% offline', but later notes that the first run downloads Whisper model files into the local cache. This mismatch is security-relevant because users operating in air-gapped or sensitive environments may rely on the offline/privacy claim and unintentionally permit outbound network access or unreviewed binary/model downloads.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installer explicitly falls back to system pip after venv creation failure, without requiring confirmation or clearly explaining the consequences. That behavior can unexpectedly modify globally installed Python packages on the host, creating package conflicts, breaking system tooling, or violating least-privilege expectations.

VirusTotal

63/63 vendors flagged this skill as clean.