Ai Podcast Pipeline

Security checks across malware telemetry and agentic risk

Overview

The podcast pipeline mostly matches its purpose, but its thumbnail step runs an undeclared external helper with the user's environment and API key.

Review the nano-banana-pro helper and its dependencies before using thumbnail generation, and run this with a dedicated Gemini key with limited quota. Avoid confidential source notes because content is sent to Gemini, and choose output paths carefully because existing media files may be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill instructs use of environment variables, local file reads/writes, network access to Gemini APIs, and shell/subprocess execution for ffmpeg, but it does not declare those permissions. Undeclared capabilities weaken reviewability and consent boundaries: a user or platform may invoke the skill without understanding that it can access local content, call external services, and execute commands, increasing the chance of misuse or overreach if supporting scripts are modified or compromised.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The script always passes -y to ffmpeg, which silently overwrites the output file and any derived shifted subtitle file path under the chosen output location. In an automated content pipeline this can destroy prior artifacts or replace files unexpectedly if the output path is wrong, making accidental data loss more likely; the podcast-rendering context increases practical risk because batch jobs commonly reuse filenames.

VirusTotal

66/66 vendors flagged this skill as clean.
