ClawHub

Audio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent audio-processing guide with expected local FFmpeg workflows and optional third-party transcription examples, but users should handle cloud transcription and tokens carefully.

Install this if you want an audio workflow helper. Work in a dedicated folder, keep backups of source recordings, review generated file lists before using concat commands, and avoid sending sensitive recordings to cloud transcription services unless you have approval and understand the provider's privacy and retention terms. Use environment variables for real API tokens instead of pasting secrets into commands or shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document recommends API-based transcription services but does not warn that audio content may be transmitted to third parties and handled under their retention and privacy policies. In a transcription workflow, audio often contains sensitive personal, business, or regulated data, so omission of a privacy warning can lead users to expose data unintentionally.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The diarization examples show use of a Hugging Face access token without guidance on secure handling. Users may paste tokens directly into shell history, scripts, or shared terminals, increasing the risk of credential leakage and unauthorized access to linked services.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The AssemblyAI example uses an API key and external transcription endpoint but omits warnings that both credentials and uploaded audio may contain sensitive information. This can cause users to disclose confidential recordings or expose API keys through copy-paste, shell history, logs, or shared scripts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal