ClawHub

Dlazy Qwen Audio Clone

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed dLazy voice-cloning wrapper, but its documentation has copy-paste errors that users should notice before relying on automation.

Install only if you are comfortable sending voice samples and related metadata to dLazy and storing or providing a dLazy API key. Prefer the npx path or review the @dlazy/cli package before global installation, and verify the real command help because the skill documentation contains audio-clone documentation mismatches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The documented output schema claims this audio-cloning command returns an image object and image URL, which is inconsistent with the stated purpose of the skill. This can mislead an agent or user into mishandling returned artifacts, building incorrect downstream automations, or trusting malformed results, especially because the skill also uploads local media and interacts with remote APIs.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The examples and error handling reference unrelated prompt and image/video parameters instead of the declared audio-clone arguments, indicating the skill documentation was likely copied from another command without being fully updated. In an agent setting, such mismatches are dangerous because they can trigger wrong command construction, unintended local file uploads, failed executions, or user confusion around authentication and billing behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal