senseaudio-voice-ab-lab

Security checks across malware telemetry and agentic risk

Overview

The skill’s voice A/B workflow is coherent, but it can use local credentials and automatically send generated audio to Feishu through unpinned helper code, so users should review it carefully before installing.

Install only if you are comfortable sending campaign briefs, voice recordings, generated copy, synthesized audio, and related metadata to AudioClaw/SenseAudio and, when enabled, Feishu. Before using Feishu delivery, verify the destination chat, use least-privilege API and Feishu credentials, and make sure the sibling Feishu helper and shared AudioClaw modules in the install tree are trusted and pinned.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script walks parent directories, finds a matching _shared/senseaudio_env.py file, prepends that directory to sys.path, and imports and executes it before doing any transcription work. That creates an unnecessary code-execution hook: if an attacker can place or alter that shared file anywhere in the ancestor path, arbitrary Python code runs in the script's trust context, potentially exposing credentials or altering behavior.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow instructs the agent to save user audio locally and optionally send synthesized audio to Feishu, but it provides no explicit privacy notice, retention policy, or consent checkpoint. Voice memos and generated voice content can contain personal, commercial, or biometric-sensitive data, so silent local persistence and third-party transmission materially increase privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill states that a login-like token may be replaced with a real `sk-...` API key read from `~/.audioclaw/workspace/state/senseaudio_credentials.json`, which means the skill can access locally stored secrets outside the user's immediate input. Secret retrieval from local state without prominent disclosure and consent expands the blast radius of compromise and may expose credentials through misuse, logging, or unintended script behavior.

Vague Triggers

Medium
Confidence: 90%
Finding
The default prompt uses broad trigger conditions for automatically sending Feishu audio messages based on loosely defined user phrases. This creates a prompt-level action ambiguity where the agent may send outbound content without a clear confirmation step, increasing the risk of unintended message delivery, spammy behavior, or disclosure of generated audio into an external communication channel.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document instructs users to send recorded audio briefs to a third-party ASR service but does not disclose that potentially sensitive voice data will leave the local environment. In a marketing and sales context, these recordings may contain personal data, confidential campaign details, or customer information, so the omission creates a real privacy and compliance risk rather than a purely informational issue.

Missing User Warnings

Medium
Confidence: 88%
Finding
This script sends arbitrary manifest text to an external TTS service without any in-code consent prompt, warning, or sensitivity check. In this skill's context, users may provide ad copy, spoken briefs, or transcribed voice-memo content that could contain confidential campaign plans, customer data, or regulated information, so silent transmission creates a real privacy and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.