Podcast Generator

Security checks across malware telemetry and agentic risk

Overview

This podcast generator mostly matches its stated purpose, but it can initiate paid SkillPay charges and process user text through external tooling without strong per-use confirmation or privacy scoping.

Review before installing if you will connect real SkillPay credentials. Require an explicit confirmation before each charge, avoid using sensitive or proprietary text unless you accept the TTS data flow, choose non-sensitive output paths because files can be overwritten, and clear the local stats file if episode titles are private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        with open(lst, "w") as f:
            for t in tmps:
                f.write(f"file '{t}'\n")
        subprocess.run(["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", lst, "-c", "copy", output],
                       capture_output=True, timeout=120)
    elif tmps:
        import shutil
Confidence
87% confidence
Finding
subprocess.run(["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", lst, "-c", "copy", output], capture_output=True, timeout=120)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrase 'any text' makes the invocation scope overly broad, increasing the chance the skill is selected for sensitive, irrelevant, or adversarial inputs. In context, this is riskier because the skill also performs billing and file/network operations, so accidental invocation can lead to unwanted charges or processing of confidential content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script content is passed to `edge-tts`, which commonly relies on remote service interaction, yet users are not clearly warned that their text may leave the local environment. If the skill is used on sensitive drafts, private articles, or proprietary material, this can cause unintended disclosure.

VirusTotal

VirusTotal findings are pending for this skill version.
