Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ListenHub
v0.6.0
Turn ideas into podcasts, explainer videos, voice narration, and AI images via ListenHub. Use when the user wants to "make a podcast", "create an explainer v...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)

Purpose & Capability
The SKILL.md and user-facing text repeatedly point to listenhub.ai and instruct the user to set LISTENHUB_API_KEY from https://listenhub.ai. However the code calls API endpoints on other domains (API_BASE=https://api.marswave.ai/openapi/v1 in scripts/lib.sh and https://api.labnana.com in generate-image.sh) and references a third-party client id and GitHub repo (marswaveai). Registry metadata also lists no required env vars while SKILL.md and the scripts require LISTENHUB_API_KEY and optionally LISTENHUB_OUTPUT_DIR. The domains/auth headers used in requests do not align with the ListenHub domain named in the description — this is incoherent and could result in keys being sent to unexpected services.
Instruction Scope
The runtime instructions enforce using the provided scripts only, and those scripts do more than call a single API: they read, parse, and write shell rc files (~/.zshrc, ~/.bashrc, ~/.profile) to load or persist API keys and output path, perform a remote version check (curl to raw.githubusercontent.com), validate and accept arbitrary input files/URLs, and can poll long-running jobs. The scripts therefore access and modify user configuration outside the skill directory and perform network calls beyond the named ListenHub service.
Install Mechanism
There is no formal install spec, but generate-image.sh contains logic to auto-install missing dependencies (jq, curl) using system package managers (brew, apt-get, yum, dnf, pacman, choco, scoop) and will eval install commands. That behavior means running the scripts may execute privileged package-manager operations on your machine; the auto-install paths and remote version check also cause outgoing network requests to third-party hosts (GitHub, marswave/labnana APIs).
Credentials
SKILL.md and scripts require an API key (LISTENHUB_API_KEY) and optionally LISTENHUB_OUTPUT_DIR, but the registry metadata omitted required env vars — an inconsistency. More importantly, the key requested for 'ListenHub' will be used in requests to api.marswave.ai and api.labnana.com according to the scripts, meaning your key could be transmitted to domains that don't match the user-facing service name. Scripts also search and modify multiple shell rc files to read/write those values (persistence of secrets to disk).
Persistence & Privilege
The scripts will write/replace export lines in user shell rc files (e.g., append or sed-replace export LISTENHUB_API_KEY=...) and export values into the runtime environment. They also perform an automatic remote version check (network access). The skill is not 'always:true' so it won't be force-enabled globally, but it does make persistent changes to user configuration without a contained or sandboxed install step — this is a notable privilege and persistence behavior.
What to consider before installing
Do not install or run this skill without clarification. Things to check before proceeding:
1) Ask the publisher to explain why the code posts to api.marswave.ai and api.labnana.com while the SKILL.md says listenhub.ai; confirm which domain will receive your API key.
2) Back up and review your shell rc files — the scripts will write your API key into ~/.bashrc or ~/.zshrc; prefer setting LISTENHUB_API_KEY in a secure way rather than letting the script write it.
3) Avoid letting the scripts auto-install packages as root; run in a sandbox/container or on a throwaway VM first.
4) If you must test, run the scripts with network monitoring (or in an offline/simulated environment) to confirm endpoints and payloads, and validate that the API key is sent only to the intended ListenHub domain.
5) Prefer a vendor-signed skill or one whose install and endpoints match its documentation.
Given the clear mismatches and persistence behavior, treat this skill as untrusted until the author provides a coherent explanation and updates the package metadata and code to align with the documented ListenHub endpoints.
