Listenhub

Security checks across malware telemetry and agentic risk

Overview

This media-generation skill is mostly purpose-aligned, but its image setup can automatically change the system and store API keys in shell startup files.

Review before installing. Use this skill only if you are comfortable sending selected content to ListenHub/Labnana APIs. Prefer installing jq/curl yourself, setting LISTENHUB_API_KEY through your own shell or secret manager, and avoiding the image script's first-run auto-setup with pasted untrusted values. Do not submit confidential text, private URLs, secrets, or sensitive local images unless you trust the provider and any image host involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The script scans multiple shell startup files to recover LISTENHUB_API_KEY and LISTENHUB_OUTPUT_DIR, reaching into persistent user configuration outside the immediate image-generation task. For a media-generation skill, reading shell RC files broadens access to sensitive local state and normalizes persistence-oriented behavior that is unnecessary for one-shot execution.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The script persistently writes the API key and output directory into the user's shell RC file, modifying long-lived execution environment state unrelated to generating a single image. Storing credentials in shell startup files increases exposure to accidental disclosure, shell-history/config syncing, and future unintended use by other processes.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The script auto-installs missing dependencies using system package managers, including privileged commands, which exceeds the expected scope of an image-generation utility. Unprompted software installation can alter the host system, trigger privileged actions, and create an avenue for misuse or unexpected side effects.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The library automatically reads LISTENHUB_API_KEY from ~/.zshrc or ~/.bashrc, which expands its access into unrelated user shell startup files. For a media-generation skill, silently scraping credentials from shell config is broader-than-necessary privilege and can expose secrets from files users may not expect the skill to inspect.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrases are broad enough to match common user requests like 'read this aloud' or 'generate an image,' increasing the chance of accidental invocation. In this skill, unintended invocation is more concerning because running it can lead to network transmission of user content, local config access, file writes, and possible setup flows, so an imprecise trigger surface can expose users to actions they did not intend.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script reads arbitrary podcast script text from a file or stdin and unconditionally sends it to a remote API endpoint via `api_post`, with no explicit notice, confirmation, or consent step at the point of transmission. In this skill context, users may provide article text, transcripts, or other sensitive content to generate audio, so silent network exfiltration of user-supplied material creates a real privacy and data-handling risk even if it is expected functionality.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script transmits user-supplied query text and optional source URLs/texts to an external ListenHub API via `api_post` without any explicit consent prompt, warning, or data-handling notice in the script itself. Because source text may contain sensitive or proprietary content, users can unknowingly exfiltrate private data to a third-party service, which is a real privacy/security risk in an agent skill context.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The script takes arbitrary speech content from a file or stdin and forwards it to an external ListenHub API via `api_post "speech" "$BODY"` without any built-in notice, confirmation, or guardrail that user-provided text will leave the local environment. This creates a real privacy and data-handling risk because users may pass sensitive text, transcripts, or proprietary material assuming the tool is operating locally when it is actually transmitting the full payload to a remote service.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The script writes a pasted API key into a shell startup file without a clear warning that the credential will be stored persistently in plaintext. This can surprise users and expose the key to local disclosure through backups, dotfile syncing, shared accounts, or accidental publication.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The script automatically executes package manager installation commands for missing tools without prior confirmation. Even if intended for convenience, silently making system changes is unsafe behavior for a content-generation skill and can lead to unauthorized or unexpected host modification.

VirusTotal

66/66 vendors flagged this skill as clean.
