Talkspresso

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Talkspresso helper, but it gives an agent broad account-changing API access and local file upload ability without enough built-in confirmation guidance.

Install only if you trust Talkspresso and want an agent to use your Talkspresso API key. Before use, require explicit confirmation for the exact file path being uploaded, recipient/message text, booking changes, deletes, cancellations, profile/calendar changes, prices, and any action affecting client or transaction data. Use the least-privileged API key available and rotate it if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding:
The skill explicitly supports uploading arbitrary local files via curl `-F file=@...` and then attaching the returned URL to products or profile data. File upload is arguably relevant to digital products, but the instructions are broad and lack constraints on file origin, path scope, or confirmation, so an agent could exfiltrate unintended local files if prompted ambiguously or maliciously.

Vague Triggers

Medium
Confidence: 86%
Finding:
The description includes very broad trigger language such as 'do anything related to their Talkspresso account,' which can cause over-selection of this skill for generic account-management requests. Over-broad routing increases the chance the agent invokes a networked, state-changing skill in contexts where the user did not specifically intend Talkspresso actions.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The file-upload examples transmit local files to a remote API but never warn the user that local content leaves the machine and may become remotely stored or publicly accessible via a CDN URL. In an agent setting, absence of such a warning materially increases the risk of accidental exfiltration of sensitive local documents.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The reference documents broad authenticated access with a bearer API key plus numerous write and destructive endpoints, including delete, update, cancel, decline, promo-code changes, messaging, and file operations, without any warning about sensitive data handling or confirmation expectations. In an agent skill context, this increases the chance of unsafe automation, accidental destructive actions, and misuse of account-wide credentials against business data and client information.

VirusTotal

64/64 vendors flagged this skill as clean.