Geode On-device Transcribe & Summary

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for transcription, but it needs review because it handles sensitive audio through a companion app with persistent shared storage and under-specified command/input safeguards.

Install only if you trust the Geode.app companion and are comfortable with audio, transcripts, summaries, and task metadata being stored locally in its App Group container. Confirm the intended language and whether summarization should run before submitting files, avoid unusual characters in file paths, and periodically delete sensitive files from the shared Geode folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest advertises on-device/local transcription and summarization, but the documented behavior depends on account login, quota enforcement, and App Store installation of a companion app. This mismatch can mislead users and agents into sending sensitive audio under false privacy assumptions, especially when users expect fully local processing with no service dependency.

Missing User Warnings

Medium
Confidence: 86%
Finding
The workflow directs the agent to copy user audio into a shared App Group container and later copy outputs elsewhere, but provides no safeguards around consent, retention, overwrite behavior, access control, or cleanup. For sensitive recordings, this increases the risk of unintended persistence, broader local exposure through shared storage, and accidental disclosure of transcript/summary files.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The examples hard-code `--language zh`, which can cause the agent to submit audio for Chinese transcription without confirming the user's intended language. This can materially degrade output quality, mishandle user data, and create misleading summaries or transcripts that the user may rely on.

VirusTotal

66/66 vendors flagged this skill as clean.
