Audio Transcribe

Security checks across malware telemetry and agentic risk

Overview

This looks like a real transcription CLI, but its actual backend routes audio, transcript, and LLM requests through SkillBoss/HeyBoss while much of the skill is presented as AssemblyAI-specific.

Review before installing. Use this only if you are comfortable sending audio/video files, transcript text, prompts, schemas, and related metadata to the SkillBoss/HeyBoss API hub, not just to AssemblyAI-branded services. Avoid confidential, regulated, or customer recordings unless you have verified the backend, retention, region, and compliance terms. Prefer dry-run first and use explicit output paths so generated transcripts are stored where you expect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as AssemblyAI-specific, but its core STT and LLM operations are routed to a third-party SkillBoss API hub. This creates a supply-chain and data-governance mismatch: users may believe audio and transcripts are sent only to AssemblyAI when they are actually transmitted to another service, changing trust boundaries and potentially violating privacy or compliance expectations.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The advertised 'speech understanding' flow does not appear to use transcript-aware AssemblyAI processing; it sends a natural-language prompt containing only the transcript ID and task description to a general chat endpoint. This can yield fabricated or ungrounded results, and it may transmit sensitive task context to an LLM service without ensuring the model actually has access to the referenced transcript.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly handles local files, remote URLs, transcript text, speaker data, translation, and LLM post-processing, but the operating notes do not clearly warn that these inputs and derived content are sent to AssemblyAI over the network. This can cause unintentional disclosure of sensitive audio, transcripts, or metadata to a third-party processor, especially when an agent uses the skill automatically on user-provided files.

Missing User Warnings

Medium
Confidence: 93%
Finding
The file explicitly states that transcript text is sent to an external LLM service, but it does not warn users that potentially sensitive audio-derived content may be disclosed to a third-party endpoint. In a transcription skill, transcripts often contain PII, confidential business discussions, or regulated data, so omission of a clear privacy notice can lead to unintended data exposure during normal use.

Missing User Warnings

Medium
Confidence: 89%
Finding
These workflow recipes instruct agents to send local audio files, URLs, and transcript identifiers to AssemblyAI services, but they provide no warning that potentially sensitive audio, speaker data, and derived transcripts leave the local environment. In an agent setting, users may assume examples are safe defaults, so the omission can lead to inadvertent disclosure of confidential meetings, calls, or personal data to a third-party processor.

Missing User Warnings

Medium
Confidence: 89%
Finding
The speech-understanding path sends transcript-derived task information to a remote chat endpoint without clear disclosure in the command flow. Because transcripts often contain sensitive conversations, names, and business data, silently forwarding related analysis requests to another service increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The `llm` command packages transcript content and user prompts and sends them to a remote chat endpoint, but there is no explicit warning at the point of use that sensitive transcript data will be disclosed to an LLM service. In this skill context, transcripts are likely to contain private or regulated information, making undisclosed onward transfer materially risky.

VirusTotal

67/67 vendors flagged this skill as clean.
