Youtube Podcast Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent, single-purpose local YouTube-to-podcast tool, but it handles third-party API keys and sends transcript/script content to Gemini and OpenAI.

Install only if you are comfortable running a localhost Node server, installing npm dependencies, and sending video transcript/script content to Gemini and OpenAI. Prefer keys loaded from a .env file, with spending limits set at the provider; avoid sensitive or private transcripts; stop the server with the PID-based command; and use the reset/delete controls knowing that they remove generated session files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares required binaries and environment variables but does not explicitly declare network/env permissions despite clearly using external APIs and localhost HTTP services. This weakens transparency and policy enforcement, making it easier for a user or platform to underestimate what the skill can access and transmit.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior understates materially sensitive capabilities: serving generated files over HTTP, packaging outputs into ZIP archives, semantic search over content, and deletion APIs. Hidden or underdocumented capabilities increase the chance of unintended data exposure or destructive actions because users may authorize the skill without understanding the full attack surface.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The deletion endpoint irreversibly removes server-side folders based solely on a caller-supplied ID, with no authentication, authorization, or ownership validation. Even on localhost, any local process, or a malicious web page that sends requests to the local service's port, could delete another job's data, causing denial of service and loss of generated assets.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The frontend sends the user's Gemini API key to the backend in the `x-api-key` header without explicit disclosure that the server will receive and handle the credential. In a skill that asks users to paste third-party API keys, this creates a real trust and secret-handling risk because a compromised, malicious, or improperly logged backend could capture and misuse the key.

Missing User Warnings

High
Confidence
95% confidence
Finding
The audio-generation flow transmits both Gemini and OpenAI API keys to the server, materially increasing the secret-exposure risk because two billable third-party credentials are handed to backend infrastructure. Given this skill's purpose—processing untrusted content and invoking multiple external AI services—backend access to raw user keys could lead to unauthorized API use, billing abuse, or key theft if the server, logs, job queue, or status pipeline are insecure.

VirusTotal

59/59 vendors flagged this skill as clean.
