Airfoil

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its speaker-control script can turn crafted speaker names into unintended AppleScript commands on the Mac.

Install only if you trust the users and agent flows that will provide speaker names. Avoid speaker names containing quotes or unusual syntax, validate volume values manually, and consider patching the script to pass speaker names as osascript arguments before use. Grant macOS Accessibility permissions only to a trusted terminal or agent environment and revoke them when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The integration examples use broad natural-language phrases like 'connect the Sonos Move' and 'Turn the music down' without clear confirmation or activation constraints. In an agent setting, this can cause unintended execution from ambiguous user input, resulting in live device control such as connecting speakers or changing volume unexpectedly.

Missing User Warnings

Low
Confidence: 80%
Finding
The documentation does not clearly warn users that commands immediately affect live audio devices by connecting speakers and altering volume. This increases the chance of surprise behavior or disruptive actions in real environments, especially if invoked through an assistant rather than directly by an informed terminal user.

Missing User Warnings

Medium
Confidence: 98%
Finding
The `connect` command embeds the user-controlled speaker name directly into an AppleScript string passed to `osascript`. A crafted speaker argument containing quotes or AppleScript syntax can break out of the intended string and inject arbitrary AppleScript, which may execute additional actions on the host under the user's privileges; in a CLI automation skill, this makes the issue more dangerous because inputs are expected to come from users or other tools.

VirusTotal

66/66 vendors flagged this skill as clean.
