Podcast Production Ops

Security checks across malware telemetry and agentic risk

Overview

This skill is a podcast-production helper that uses a local Python script to read chosen input and generate reviewable Markdown output, with no evidence of network access, credential use, persistence, or hidden execution.

Install only if you are comfortable running a local Python helper on podcast materials you select. Avoid feeding it sensitive transcripts unless needed, review the generated Markdown before publishing, and prefer stdout or dry-run behavior when you do not want it to write an output file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill declares no explicit permissions, yet its instructions permit use of python3 and imply reading local resources and writing output files. This creates a capability/permission mismatch that can mislead users and policy enforcement about what the skill may access or modify, reducing transparency and increasing the chance of unintended file or shell operations.

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The script’s implemented behavior is largely a generic auditing/scanning utility for directories, CSV files, patterns, and skill packages rather than a podcast-production helper. This capability mismatch is dangerous because it enables broad inspection of arbitrary local files and repositories under the guise of an unrelated skill, expanding access to sensitive content and creating a strong indicator of covert or undeclared functionality.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The pattern scanning logic searches arbitrary files for secrets, private URLs, and dangerous shell snippets, which is unrelated to podcast production. Even though the built-in regexes are limited, this still creates an unnecessary file-inspection primitive that can expose sensitive local content in generated reports and indicates hidden dual-use behavior inconsistent with the skill’s stated purpose.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill package audit functionality inspects repository structure and parses SKILL.md frontmatter, which has no clear relationship to podcast production operations. In context, this broadens the script into a generic package reconnaissance tool that can inventory local project contents and metadata, making the undeclared capability more suspicious and potentially exposing internal project details.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger examples are broad natural-language phrases like '把这期播客整理成完整生产包' (roughly, "turn this episode into a complete production package") and '给我标题和 show notes' (roughly, "give me a title and show notes"), which can overlap with ordinary user requests outside an explicit skill invocation boundary. In systems that auto-route based on semantic similarity, this can cause unintended activation of the skill and processing of content the user did not mean to send through this workflow, increasing the risk of misrouting or inappropriate handling of sensitive materials.

VirusTotal

66/66 vendors flagged this skill as clean.