ClawHub

Live Transcription

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gladia live-transcription documentation skill; it does not contain executable code or hidden behavior, but users should handle audio privacy and consent carefully.

Install only if you intend to use Gladia for live transcription. Before using it on meetings, calls, or customer support audio, confirm consent requirements, avoid unnecessary capture, restrict transcript access, and use Gladia session deletion or retention controls where appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill enables real-time audio streaming to a third-party transcription service but does not warn users that live microphone, call, or meeting audio will be transmitted off-device and may contain sensitive personal or regulated data. In a voice-agent and call-center context, this omission can lead to inadvertent exposure of private conversations, consent violations, or noncompliance with data-handling requirements.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The call center example explicitly enables named entity recognition and summarization over customer calls, which can process and condense sensitive personal data such as names and account numbers without any accompanying privacy notice, consent guidance, retention limits, or redaction recommendations. In a live-transcription skill used for customer support, this increases the risk of over-collection, unauthorized processing, and downstream exposure of sensitive information in transcripts and summaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal