ClawHub

Oatda Translate Audio

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OATDA audio-translation helper that uploads user-provided audio to OATDA for translation, which is expected for its purpose.

Install only if you are comfortable sending selected audio recordings to OATDA with your OATDA API key. Treat recordings as potentially sensitive, prefer the documented multipart upload path, and avoid uploading private, medical, financial, or confidential conversations unless that is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
AUDIO_DATA_URL="data:audio/mpeg;base64,$(base64 -w 0 audio.mp3)"

export OATDA_API_KEY="${OATDA_API_KEY:-$(cat ~/.oatda/credentials.json 2>/dev/null | jq -r '.profiles[.defaultProfile].apiKey' 2>/dev/null)}" && \
curl -s -X POST "https://oatda.com/api/v1/llm/translations" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $OATDA_API_KEY" \
  -d "$(jq -n \
Confidence
92% confidence
Finding
curl -s -X POST "https://oatda.com/api/v1/llm/translations" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $OATDA_API_KEY" \ -d

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal