ClawHub

SpeakNotes: YouTube, Audio & Document Summaries

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SpeakNotes API integration, but it can use your SpeakNotes API key to upload selected content and read notes or folders in that account.

Install only if you trust SpeakNotes with the files, YouTube URLs, and existing note or folder data you ask the agent to process. Use a dedicated revocable API key, keep it in OpenClaw secrets/config, and avoid providing fcmToken/device-token values unless you understand why they are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill description says it is for direct transcript/summary generation from YouTube URLs and uploaded media/documents, but the API contract also grants broad read access to list and retrieve notes and folders. That expands the data-access surface beyond the stated purpose and can enable unintended browsing or exfiltration of previously stored user content if the agent is over-permissioned or prompted to enumerate data.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The spec requires bearer authentication globally and also includes fields such as fcmToken without any privacy notice, data-minimization statement, or explanation of how device/notification tokens are handled. In an agent skill context, silent collection or forwarding of such tokens can expose sensitive account or device-linked identifiers to third-party services without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal