TL;DX

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent transcription and summarization purpose, but its setup scripts can automatically modify the host system and build/download unpinned dependencies without clear user control.

Review before installing. Use it only if you are comfortable with a skill that may download media and models, create persistent transcript files, install ffmpeg with system package managers, and clone/build whisper.cpp from GitHub. Prefer running it in a disposable or sandboxed environment, and confirm dependency installation manually when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding
The skill explicitly instructs use of shell scripts for transcription/bootstrap (`scripts/*.sh`) yet declares no permissions, creating a transparency and governance gap. Even if the shell use is central to the feature, undeclared code-execution capability can surprise users and reviewers and may enable package installation, downloads, or file modifications without clear consent boundaries.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
This is a true security-relevant mismatch: the skill presents itself as a summarization/transcription workflow, but the described implementation behavior includes environment modification, external code/model retrieval, and cleanup operations while omitting many promised higher-level functions. That mismatch materially increases risk because users may authorize a content-processing skill without realizing it can install packages, fetch third-party code, and alter local state.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
This script performs host-level package provisioning and may modify the user's system by installing ffmpeg through multiple package managers. While ffmpeg is relevant to transcription/media processing, automatically installing system packages with possible privilege escalation exceeds a typical least-privilege skill boundary and creates supply-chain and system-integrity risk.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The skill directs the agent to inspect rendered pages, scripts, network requests, and download third-party media, but it does not clearly surface that this entails active network access and retrieval of external content. In a content-acquisition skill this behavior is contextually expected, but the lack of explicit disclosure and consent language still creates privacy, policy, and data-handling risk, especially for authenticated pages or sensitive URLs.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The invocation example instructs the agent to acquire external media and transcribe it if captions are unavailable, but it does not require explicit user confirmation or warn that external content will be downloaded and processed. This can lead to unexpected handling of third-party or local content, creating privacy, consent, bandwidth, copyright, and policy risks, especially when users may not realize the workflow goes beyond summarization into media acquisition.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The workflow explicitly instructs the skill to write durable artifacts into the current workspace and retain some local assets, but it does not say the user should be informed that files will be created and may persist beyond the immediate task. In an agent setting, silent file creation and retention can surprise users, expose sensitive transcript content to later reuse, and increase privacy or data-handling risk even if the behavior is operationally useful.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script automatically clones, fetches, and builds whisper.cpp from the network if a local binary is unavailable, with no integrity pinning, version pinning, checksum verification, or user confirmation. In a skill that processes untrusted user-supplied media, implicit installation of executable code increases supply-chain risk and can surprise operators by performing networked build steps during normal use.

VirusTotal

66/66 vendors flagged this skill as clean.
