Qclaw Speaker

Security checks across malware telemetry and agentic risk

Overview

This is a text-to-speech skill with purpose-aligned installer, network, and config behavior, though users should understand the package installs, model downloads, and online voice privacy tradeoffs before using it.

Install only if you are comfortable letting it install Python packages and, for Edge TTS, send text to an online voice service. Use the sherpa or Windows engine for offline speech, and prefer reviewing or pinning dependency/model sources in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill advertises installation, configuration persistence, network-backed TTS, and shell-based invocation, but declares no permissions. That creates a trust and policy gap: users or the hosting platform may approve the skill expecting a harmless local TTS feature while it can read/write config, invoke installers/CLI commands, and access external services or download artifacts.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 82%
Finding:
The documentation materially understates and misdescribes behavior, especially around external package/model downloads and the actual implemented engines/voices. In a skill ecosystem, this is dangerous because reviewers and users may grant execution to what appears to be a mostly local, lightweight TTS tool without understanding that it performs software installation and fetches remote artifacts, which increases supply-chain exposure and the risk of unexpected network activity.

VirusTotal

66/66 vendors flagged this skill as clean.
