MoodCast

Security checks across malware telemetry and agentic risk

Overview

MoodCast does what it says, but it can automatically install an unpinned Python package at runtime and sends user text to ElevenLabs, so users should review it before installing.

Install only if you are comfortable with your selected text and sound prompts being processed by ElevenLabs and with the skill using your ElevenLabs API key and credits. Prefer installing dependencies yourself from a reviewed requirements file, or run it in an isolated Python environment, because the current script may automatically install the elevenlabs package if it is missing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from elevenlabs import play
except ImportError:
    print("Installing elevenlabs package...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "elevenlabs", "-q"])
    from elevenlabs.client import ElevenLabs
    from elevenlabs import play
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "elevenlabs", "-q"])

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell commands and requires environment-based secrets, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host may expose shell or secret access without the user being clearly informed, increasing the risk of unintended command execution or secret use.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Installing dependencies during normal execution is risky because it silently changes the host environment and runs package installation logic unrelated to the core conversion task at that moment. In a skill context, users may not expect network access, package downloads, or interpreter modification merely from invoking audio generation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README clearly states the skill uses multiple ElevenLabs APIs to analyze text, generate speech, and create ambient soundscapes, which implies user-provided text and prompts are sent to a third-party service. Without an explicit privacy/data-sharing notice, users may unknowingly submit sensitive content to an external provider, creating consent and data-handling risk in a messaging/agent context where inputs may contain private information.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrases include broad, everyday language such as 'make this sound good' and 'create audio for', which can cause the skill to activate in contexts where the user did not intend to send content to an external audio service. In this skill's context, accidental activation is more concerning because user-provided text may be transmitted to ElevenLabs APIs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description explains functionality but does not warn users that provided text is sent to external ElevenLabs APIs for text-to-speech and ambient sound generation. This is a privacy and data-handling issue because users may supply sensitive text under the assumption processing is local, and broad triggers increase the chance of accidental disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code performs pip installation immediately on ImportError, without prior confirmation in the interface or a consent prompt. This surprises users and can trigger unintended network access, package execution, and persistent environment changes on systems where the script is run.

VirusTotal

65/65 vendors flagged this skill as clean.
