Webchat Audio Notifications

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser audio-notification add-on with local settings storage and no evidence of exfiltration, credential access, destructive behavior, or hidden persistence.

Install only if you want browser sound notifications for a webchat. Review the default enabled setting, volume/intensity level, and custom sound storage in localStorage, and serve the bundled settings panel from a trusted local path rather than from user-editable or remote HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The settings panel exposes custom audio upload and removal features that materially expand behavior beyond the declared skill scope of five predefined notification intensity levels. Even though this file does not itself process the upload, introducing arbitrary user-supplied media creates an undeclared capability and increases attack surface in the notifier implementation, including file validation, storage, and playback handling.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The page fetches an HTML fragment, inserts it into the DOM, then explicitly extracts and executes any embedded script blocks. This creates a script-injection sink: if the fetched fragment is modified, replaced, or served from an unexpected origin/path, arbitrary JavaScript will run in the page context. In a test utility this behavior is not necessary for audio notification validation and increases risk beyond the feature's purpose.

Missing User Warnings

Medium
Confidence: 89%
Finding
The guide explicitly states that the publish command packages the entire directory, but it does not warn maintainers to review the directory for secrets, local config files, test artifacts, or other unintended content before publishing. That can lead to accidental disclosure of sensitive files or internal-only material to all downstream users of the skill.

Missing User Warnings

Low
Confidence: 80%
Finding
The guide enables notifications by default and encourages persistence of settings in localStorage without an explicit user-consent step or privacy notice. While this is not an exploit primitive, it can surprise users by activating background audio behavior and storing preferences automatically, which is a legitimate security/privacy usability concern.

Missing User Warnings

Medium
Confidence: 83%
Finding
The integration guidance enables audible notifications as a normal/default behavior without clearly warning implementers to obtain user consent or consider privacy in shared environments. This can expose the presence and timing of private chat activity to nearby people, especially in workplaces, public spaces, or shared devices, though it is primarily a privacy/usability issue rather than a direct code-execution risk.

VirusTotal

66/66 vendors flagged this skill as clean.
