ClawHub

Percept Listen

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up local ambient transcription, but users should treat it carefully because it can capture and store nearby conversations.

Install only if you intentionally want ambient listening. Get consent from people who may be recorded, check applicable recording laws, protect any tunnel or webhook, and review how transcripts in the local database and conversation files can be stopped, retained, or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger examples include broad, natural phrases like 'start listening' and 'turn on the mic', which are common in ordinary conversation and can cause accidental or unintended activation. In a skill that enables ambient audio capture, unintended invocation is particularly sensitive because it may start collecting nearby speech without clear, deliberate user consent at the moment of activation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes ambient conversation capture and transcription but does not provide an explicit privacy warning about recording nearby speakers, handling sensitive content, consent requirements, or the legal implications of monitoring conversations. Because this skill is designed to collect ambient speech continuously from a wearable device, the absence of clear warnings and consent guidance materially increases the risk of covert or non-consensual surveillance.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal