ClawHub

Browser Audio Capture

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it captures browser-tab audio and tab metadata for a local transcription pipeline, but users must treat it as sensitive recording software.

Install only if you intentionally want browser tab audio recorded and sent to a local transcription pipeline. Keep the receiver and Chrome debugging interface bound to localhost, use a separate Chrome profile, avoid leaving watch mode running, stop captures when finished, and obtain appropriate consent before recording meetings, calls, courses, or private media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill documents network-capable behavior and a local HTTP sink but does not declare permissions or clearly scope what connectivity is required. Undeclared network behavior reduces transparency and reviewability, making it easier for a user or agent to run a skill that transmits sensitive audio and tab metadata without an explicit trust decision.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented purpose understates materially sensitive behavior: the skill can enumerate all open Chrome tabs, inspect URLs/titles, auto-detect meeting tabs, and continuously watch for them. In this context, tab discovery plus audio capture from meetings/webinars exposes highly sensitive communications and browsing metadata, so the mismatch can mislead users about the true surveillance scope.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The injected code transmits captured audio together with the current tab URL and document title to a local receiver, but the skill description does not disclose that metadata collection. URL and title can contain sensitive meeting names, document identifiers, search queries, or internal app paths, so this expands data exposure beyond simple audio capture.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Exfiltrating tab URL and title alongside audio increases privacy and confidentiality risk because those fields may reveal sensitive internal resources, meeting topics, account identifiers, or tokens embedded in URLs. They are not obviously required to perform raw browser-audio capture, so their collection is excessive for the stated purpose.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly streams browser audio along with tab URL and title to an HTTP endpoint, but the documentation omits any privacy warning or consent guidance. Audio from meetings, courses, calls, and media streams can contain confidential or regulated information, and tab metadata may reveal identities, organizations, and topics; sending this data over HTTP without prominent warning materially increases privacy and compliance risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code captures browser-tab audio and posts it, with additional tab metadata, without any explicit user-facing warning or consent flow in this path. In the context of meetings, webinars, and courses, this can result in covert recording of conversations and sensitive content, creating serious privacy, compliance, and organizational policy risks.

Missing User Warnings

High
Confidence
99% confidence
Finding
The watcher continuously scans for meeting tabs and automatically starts capture when one is detected, which enables unattended recording of meeting audio without contemporaneous confirmation. In a tool designed to stream browser audio to AI agents, this materially increases the risk of accidental or surreptitious collection of confidential discussions.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The README promotes automatic meeting detection and browser-tab audio capture workflows without any prominent privacy warning, consent guidance, or legal-use constraints. In the context of an audio-capture extension for meetings, this can normalize silent recording and transcription of sensitive conversations, increasing the risk of unauthorized interception, compliance violations, and accidental misuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This code transmits captured browser-tab audio plus tab URL/title to a localhost service over plain HTTP with no authentication, integrity protection, or user-facing confirmation at the point of transmission. Even though the destination is loopback, any local process bound to port 8900 can receive sensitive meeting/media audio and browsing metadata, making this a realistic data-exfiltration path on a multi-process or compromised host.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The popup UI presents a one-click flow to capture tab audio and send it through transcription and AI processing, but it does not visibly disclose what data is collected, where it is sent, whether third parties receive it, or what consent boundaries apply. Because browser-tab audio can contain meetings, private conversations, or copyrighted content, the lack of an explicit warning or privacy notice increases the risk of unintentional collection and disclosure of sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal