ClawHub

Transcript Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does the transcript analysis it describes, but it ships a plaintext QVeris API key that is used for authenticated outbound requests.

Review before installing. Use only after the publisher removes and rotates the embedded QVeris key, changes the script to read a user-provided key from an environment variable or secret store, and clearly documents when authenticated API mode sends requests to QVeris. The default web mode is lower risk, but the shipped secret should still be treated as exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains a hard-coded QVeris API key and actively uses it in outbound requests. Embedding a live secret in source code is a real credential exposure: anyone with code access can reuse the key, incur charges, access associated data/services, or pivot into the linked account. In this skill’s context, transcript retrieval does not require shipping a vendor secret inside distributed code, so the exposure is more dangerous, not less.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code not only stores a hard-coded credential but automatically attaches it to outbound HTTP requests in API mode without any user-facing disclosure or consent prompt. This creates both a secret-management issue and an unexpected external data transfer/billing path, increasing the chance of abuse, unauthorized usage, and operational surprise.

Ssd 3

High
Confidence
97% confidence
Finding
A plaintext API key is present directly in the script, making the secret trivially recoverable through normal code inspection, repository access, packaging, logs, or accidental redistribution. Even if the program does not print the key, storing it in source is itself a disclosure channel and can lead to unauthorized API consumption and account compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal