Dual-Host Daily Podcast Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it can automatically publish generated podcast content to public feeds and external services with limited review and credential-safety guidance.

Install only if you are comfortable with generated scripts and audio being sent to Fish Audio, uploaded to S3/RSS, and optionally posted to messaging platforms. Use dedicated least-privilege AWS credentials and a non-sensitive bucket, keep API keys out of source files and logs, review generated content before publishing, and test manually before enabling cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding:
The publish and delivery steps send generated content, podcast metadata, and potentially identifiers such as owner email, hosting URLs, and messaging content to third-party services like S3, podcast platforms, and chat tools, but the skill does not warn users about this data transfer. This can lead to unintentional disclosure of sensitive or regulated content, especially in a fully automated cron-based workflow.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The configuration requires a `FISH_API_KEY` and external voice IDs, indicating use of a third-party TTS provider, but it does not disclose that podcast scripts and voice segments will be transmitted to that provider for synthesis. Because the skill generates full conversational content, this omission can expose proprietary, personal, or compliance-sensitive material to an external processor without informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The script sends arbitrary podcast script text to a third-party TTS provider without any consent prompt, warning, or data-classification check. In this skill's context, the input may contain unpublished content, proprietary prompts, or sensitive material, so silent remote transmission creates a real confidentiality and compliance risk even though the behavior appears functionally intended.

External Transmission

Medium
Category: Data Exfiltration
Content:
return segments

def tts(text, voice_id, output):
    resp = requests.post(API_URL,
        headers={
            "Authorization": f"Bearer {API_KEY}",
            "Content-Type": "application/json"
Confidence: 96%
Finding:
requests.post(API_URL, headers={ "Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json" }, json=

VirusTotal

63/63 vendors flagged this skill as clean.
