rupali

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Sarvam text-to-speech companion helper with disclosed API-key use and no hidden persistence or unrelated data access.

Install only if you are comfortable providing a Sarvam API key and having the generated companion reply text sent to Sarvam to synthesize audio. Avoid using it for sensitive private content unless that third-party processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill instructs use of an API key from the environment and networked TTS synthesis, but it declares no permissions or capability boundaries. That creates a transparency and governance gap: operators may approve or invoke the skill without realizing it can access secrets and make outbound requests, which is especially risky in agent ecosystems that rely on manifest-level permission review.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill claims cross-channel companion behavior, but the documented implementation only shows a local CLI invocation that writes an MP3 file. This mismatch is dangerous because reviewers and orchestrators may trust the declared purpose while the real behavior, triggers, and data flows are undocumented, enabling hidden functionality or unsafe deployment assumptions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The script sends arbitrary input text to a third-party TTS endpoint without any user-facing notice or consent mechanism. In a chat-assistant context, users may assume their text stays within the platform, so silent external transmission can expose sensitive or intimate content to an outside processor.

VirusTotal

63/63 vendors flagged this skill as clean.