Slybroadcast Voicemail

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent voicemail-campaign purpose, but it gives agents high-impact sending and campaign-control authority without enough reviewed implementation, scoping, or confirmation safeguards.

Install only if you trust the missing CLI/MCP implementation you will run locally. Before any send or campaign-control action, require a manual confirmation of recipients or list IDs, caller ID, message/audio source, schedule, cost/quota impact, and legal authorization to contact those recipients. Store Slybroadcast and ElevenLabs credentials securely, redact them from prompts/logs, and avoid placing sensitive voicemail audio or text in publicly reachable staging URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly enables sending voicemail campaigns and AI-generated audio through external third-party services, but the description does not warn users that recipient phone numbers, campaign metadata, and possibly generated voice content will leave the local system. In an agent/LLM setting, this omission is risky because a user may trigger outreach involving regulated or sensitive data without informed consent or understanding of where that data is processed.

Missing User Warnings

Low
Confidence: 89%
Finding
The skill lists required credential environment variables and external service configuration without any caution about secure handling, least-privilege use, logging exposure, or accidental disclosure through prompts, shell history, or agent traces. While merely naming environment variables is not itself a secret leak, in this context it normalizes use of high-impact credentials for bulk messaging without instructing users on safe storage and operational safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.
