ClawHub

Gladia YouTube Transcription (Free)

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Gladia transcription helper, but users should avoid its optional shell rc file API-key example.

Install only if you are comfortable sending the media URL and transcript content to Gladia under your own account. Set GLADIA_API_KEY only for the current session or through a proper secrets manager; do not copy the ~/.bashrc persistence example. Use public or authorized media, and choose output paths carefully because the optional output file can be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The setup instructions recommend persisting the API key in ~/.bashrc, then later warn not to store API keys in shell rc files. Persisting secrets in rc files increases the chance of accidental disclosure through backups, dotfile sync, screen sharing, or mistaken commits, especially because users may copy the documented command verbatim.

Session Persistence

Medium
Category
Rogue Agent
Content
export GLADIA_API_KEY="your-api-key-here"
```

**Or add to ~/.bashrc** (ensure ~/.bashrc is in .gitignore):
```bash
echo 'export GLADIA_API_KEY="your-api-key-here"' >> ~/.bashrc
source ~/.bashrc
Confidence
96% confidence
Finding
add to ~/.bashrc

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
**Or add to ~/.bashrc** (ensure ~/.bashrc is in .gitignore):
```bash
echo 'export GLADIA_API_KEY="your-api-key-here"' >> ~/.bashrc
source ~/.bashrc
```
Confidence
84% confidence
Finding
echo 'export GLADIA_API_KEY="your-api-key-here"' >> ~/.bashrc

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal