ClawHub

Gladia Sdk Integration

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Gladia SDK integration skill whose API key, audio upload, live transcription, and delete-method guidance fit its stated purpose, though users should add privacy and confirmation safeguards in real apps.

Safe to install as documentation for Gladia SDK use. Treat examples that upload files or stream microphone input as sending audio to Gladia's service, keep API keys server-side where possible, and require clear user confirmation before deleting jobs, sessions, transcripts, or associated audio.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents `delete(jobId)` and `delete(sessionId)` as available operations but does not explicitly warn that these actions permanently remove transcription jobs, session data, and possibly associated audio. In an agent skill, this omission can lead an autonomous system to suggest or invoke deletion without clear user confirmation, increasing the risk of accidental data loss.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The example demonstrates live microphone capture and transmission to a remote transcription service without any notice about consent, privacy, or the sensitivity of spoken/audio data. In an SDK integration guide, this can normalize collecting ambient or third-party speech and sending it off-device, which creates privacy, legal, and compliance risk if copied into production without safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal