Scientific Podcast Summary

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed podcast summarizer that fetches podcast pages, sends extracted text to an OpenAI-compatible model, and can optionally save the summary to a file.

Install this in a virtual environment, pin dependency versions if you need reproducible or production use, use a limited OpenAI-compatible API key, verify OPENAI_BASE_URL before running, and only pass public trusted podcast URLs because fetched content may be sent to the configured LLM provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and operationalizes capabilities requiring environment-variable access, network access, and file output, but it does not declare any permissions or enforcement boundaries. This creates a trust and review gap: operators may invoke it without realizing it can call external APIs, read secrets like OPENAI_API_KEY from the environment, and write artifacts to arbitrary paths.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script accepts a user-supplied --url and passes it directly to requests.get, allowing fetching of arbitrary remote content outside the advertised podcast sources. In an agent or automated environment, this expands the trust boundary and can enable SSRF-style access to internal services, cloud metadata endpoints, or other unintended destinations if an attacker can influence the URL.

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The command description claims the tool is limited to Huberman Lab and Nature Podcast, but the implementation allows direct arbitrary URL fetching and has a generic parser fallback. This mismatch is dangerous because users or downstream agents may grant broader network and data trust than intended, increasing the likelihood that the arbitrary-fetch behavior is abused unnoticed.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Extracted webpage or podcast content is transmitted to an external LLM service without any clear user-facing consent, warning, or data-classification check. If the fetched page contains sensitive, private, copyrighted, or internal material, the tool may exfiltrate that content to a third-party API unexpectedly.

Ssd 1

Medium
Confidence
92% confidence
Finding
Untrusted webpage text is embedded directly into the LLM prompt, so malicious page content can contain instructions that manipulate the model's behavior, output structure, or disclosures. While the model call here does not itself have tool-use privileges, prompt injection can still cause misleading summaries, policy bypass within the model response, or inclusion of attacker-chosen content and links.

Unpinned Dependencies

Low
Category
Supply Chain
Content
bs4
openai
requests
Confidence
98% confidence
Finding
bs4

Unpinned Dependencies

Low
Category
Supply Chain
Content
bs4
openai
requests
Confidence
98% confidence
Finding
openai

Unpinned Dependencies

Low
Category
Supply Chain
Content
bs4
openai
requests
Confidence
99% confidence
Finding
requests

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
