MoePeek AI Transcript

Security checks across malware telemetry and agentic risk

Overview

MoePeek appears to be a normal macOS translation utility, with privacy considerations around clipboard, OCR, selected text, and cloud translation providers.

Before installing, verify the GitHub release is from the expected MoePeek project and prefer signed or checksum-verified downloads if available. Use Apple Translation or local providers for confidential content, and avoid sending passwords, secrets, private screenshots, or proprietary clipboard text to cloud translation services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README advertises OCR, clipboard, and selected-text translation plus multiple cloud translation providers, but does not warn users that potentially sensitive text may be transmitted to third-party services. In a translation tool, users may process passwords, personal data, internal documents, or on-screen content, so missing disclosure materially increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill markets privacy protection and local Apple translation, but the description also states support for Google, DeepL, and OpenAI without warning that selected text, clipboard contents, or OCR-extracted text may be transmitted to external services. In a translation tool that can process arbitrary user-selected content from any application, this omission can cause users to expose sensitive data under a misleading privacy expectation.

VirusTotal

66/66 vendors flagged this skill as clean.
