Imam

Security checks across malware telemetry and agentic risk

Overview

This is a transparent prayer and text-to-speech assistant, with practical cautions around broad voice triggers, TTS credentials, location-based prayer timing, and an optional playback example.

Install only if you are comfortable with an always-on voice skill that may react to prayer-related phrases. Keep the confirmation step enabled, provide only dedicated TTS credentials with minimal permissions, avoid copying the os.system playback example into production code, and prefer manual prayer selection if you do not want location or local-time context used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers (Medium, 88% confidence)

Finding: Using a broad phrase like 'time to pray' as an activation trigger can cause unintended invocation during ordinary conversation. In a voice-driven skill, accidental activation may start audio output, prayer flow, or related processing without clear user intent, which is especially disruptive in religious or shared environments.

Vague Triggers (Medium, 91% confidence)

Finding: Triggering on any prayer name alone is overly permissive because words like 'Fajr' or 'Maghrib' may appear in discussion, scheduling, or education contexts without intending to launch the skill. This increases the chance of unintended activation and unexpected voice output, which is amplified by the skill's 'always' metadata and voice-centric behavior.

Missing User Warnings (Low, 80% confidence)

Finding: The workflow says the skill may calculate the current prayer based on location and time, but the description does not clearly warn users that location-derived data may be used. Even if precise geolocation is not explicitly collected here, users should be informed when contextual location information can influence behavior, to avoid privacy surprises.

Missing User Warnings (Medium, 93% confidence)

Finding: The sample code writes attacker-influenced text to an audio file and immediately invokes a local media player via os.system, causing side effects on the host without any confirmation, disclosure, or sandboxing guidance. Even though the command string is static in the example, this normalizes unsafe execution patterns and encourages direct shell invocation for unreviewed content, which can lead to abuse in agents running on user devices or shared environments.

VirusTotal

66/66 vendors flagged this skill as clean.