Bland

Security checks across malware telemetry and agentic risk

Overview

This Bland AI skill is mostly purpose-aligned, but it can place real calls, expose call recordings/transcripts, stop active calls, and buy phone numbers without enough safeguards or warnings.

Install only if you trust this skill with your Bland AI account, call metadata, recordings, transcripts, and billing actions. Prefer setting BLAND_API_KEY explicitly, confirm legal authorization and consent before calls or recording access, and treat stop-all, setup-inbound, and buy-number as live account-changing commands that should be run deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium (94% confidence)

Finding: The script automatically discovers credentials from hard-coded filesystem locations, including /root/clawd/.env, without requiring explicit user consent. In an agent/skill context, this broadens the credential access surface and can silently use secrets from outside the skill's own configuration, which is dangerous if the script is invoked in a privileged environment.

Missing User Warnings

Medium (91% confidence)

Finding: The skill exposes commands for retrieving call transcripts and recording URLs but does not warn that these artifacts can contain highly sensitive personal, financial, or health information. In an agent setting, this omission increases the chance that users will access, share, or persist privacy-sensitive data without informed consent or appropriate handling.

Missing User Warnings

Medium (94% confidence)

Finding: The skill prominently advertises outbound AI calling to real phone numbers without warning that these actions contact third parties, may incur charges, and can create real-world consequences such as harassment, consent issues, or unintended commitments. In an autonomous agent context, the lack of a cautionary notice makes misuse more likely because the commands appear operationally routine rather than user-impacting.

Missing User Warnings

Medium (88% confidence)

Finding: The script silently reads an API key from the environment and from .env files, with no notice that it will access local credentials. In a skill setting, undisclosed secret-harvesting behavior is risky because users may not expect the tool to inspect filesystem locations for credentials.

Missing User Warnings

Medium (91% confidence)

Finding: The helper functions send data to a remote API, and higher-level commands use them to transmit phone numbers, prompts, transcripts, and analysis content without an explicit privacy warning. Because this skill handles potentially sensitive call metadata and conversation content, silent transmission increases privacy and compliance risk.

Missing User Warnings

Medium (82% confidence)

Finding: The stop and stop-all commands perform destructive account actions immediately, including stopping all active calls, without confirmation. In an operational voice-calling tool this can interrupt business workflows or active customer interactions if triggered accidentally or by another component.

Missing User Warnings

Medium (90% confidence)

Finding: The buy-number command initiates a billable account action with no warning or confirmation, so accidental execution can incur charges or modify account state unexpectedly. In an agent environment, side-effecting purchases should not occur silently because they can be triggered indirectly by automation.

VirusTotal

66/66 vendors flagged this skill as clean.