english-game

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Feishu/Lark English game, with the main risk being disclosed external transcription of voice messages.

Install only if you want SenseAudio-backed speaking practice in Feishu/Lark. Use a dedicated low-privilege SenseAudio key, keep SENSEAUDIO_BASE_URL set to the trusted HTTPS provider, and tell group participants that voice messages used in speaking mode will be sent to an external ASR service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'base_url' from os.environ.get (line 51, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
with open(args.file, "rb") as fh:
    files = {"file": (os.path.basename(args.file), fh)}
    resp = requests.post(
        f"{base_url}{TRANSCRIBE_PATH}",
        headers=headers,
        data=data,
Confidence
90% confidence
Finding
resp = requests.post( f"{base_url}{TRANSCRIBE_PATH}", headers=headers, data=data, files=files, timeout=120, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs use of environment variables and outbound network access to a third-party ASR provider, but it does not declare those capabilities or permissions. Hidden or undeclared access increases the risk of reviewers and operators mis-scoping trust boundaries, especially because user voice data may be sent off-platform to an external service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior materially overstates what the skill actually implements while omitting a named third-party transcription dependency. This can mislead deployers into believing the skill is a self-contained chat-game workflow when it actually relies on external processing and lacks the described control logic, which undermines security review, privacy assessment, and operational safeguards.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs the system to download user voice messages and send them to a transcription script, but it provides no user-facing notice, consent flow, retention guidance, or data-handling constraints. Because voice data is biometric and may contain sensitive personal information, silent collection and processing increases privacy, compliance, and trust risks, especially in a group-chat environment where users may not expect backend transcription.

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The script uploads the full audio file to an external transcription service, but the code contains no explicit consent, notice, or policy check before transmitting potentially sensitive voice content. In the context of a chat game skill with speaking practice, users may reasonably provide personal or identifying speech, so silent third-party transfer creates a real privacy and compliance risk.

VirusTotal

60/60 vendors flagged this skill as clean.
