ListenHub

Security checks across malware telemetry and agentic risk

Overview

This media-generation skill is mostly purpose-aligned, but its image script can install system packages and persist API keys in shell startup files.

Install only if you are comfortable with shell scripts sending your submitted content, URLs, prompts, and reference-image URLs to ListenHub/Marswave/Labnana services. Review scripts/generate-image.sh before use; prefer setting LISTENHUB_API_KEY temporarily or through OpenClaw config, and avoid letting the script write credentials into shell startup files or install packages automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill explicitly instructs the agent to execute shell scripts and make networked API requests, but no permissions are declared. This creates a transparency and least-privilege problem: users and the platform cannot accurately assess or constrain the skill's capabilities before execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior omits materially risky actions noted by static analysis, including writing to shell startup files, interactive configuration, package-manager installs, local file creation, and use of a third-party image service outside the stated ListenHub boundary. This mismatch is dangerous because it can lead to persistent environment modification, unreviewed dependency installation, and unexpected data flow to external services under misleading documentation.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script goes beyond transient image generation by interactively collecting configuration and persisting secrets and settings into shell startup files. That creates lasting system changes and stores credentials on disk in plaintext, which is risky for a content-generation skill and expands the blast radius if the account or filesystem is later compromised.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script automatically executes package-manager commands, including privileged installs, to modify the host system. For an image-generation helper this is unnecessary and dangerous because it can trigger privileged changes, unexpected software installation, and supply-chain exposure without meaningful user consent.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The skill is presented as a ListenHub integration but the code targets Labnana/Marswave endpoints and branding. This mismatch undermines trust and informed consent because users may provide credentials and data under false assumptions about the recipient service and processing path.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The helper script silently reads LISTENHUB_API_KEY from ~/.zshrc or ~/.bashrc when the environment variable is unset. This expands the skill's access beyond its stated interface and reaches into user shell configuration without explicit disclosure or consent, which is risky because shell startup files may contain other sensitive data and users do not expect a media-generation skill to inspect them.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The code comments/documentation indicate the key should come from LISTENHUB_API_KEY, but the implementation also loads it from shell startup files. This mismatch undermines informed consent and makes the skill's real behavior less transparent, which can conceal sensitive-file access from users and reviewers.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger examples are broad everyday phrases like 'read this aloud' and 'generate an image', which increases the chance the skill activates in situations broader than users expect. Overbroad activation can cause unintended shell execution, outbound network requests, and transfer of user-provided content to third-party services.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The mode-detection phrases such as 'explain', 'introduce', 'video', and 'tutorial' are too generic to safely drive automatic tool selection. In context, this can cause accidental invocation of networked shell scripts on ordinary conversational requests, expanding exposure of user data and increasing unintended side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends the full user-provided JSON body, including script content, to ListenHub via an external API call without any explicit disclosure, confirmation, or guardrail at the point of transmission. In a skill that may process arbitrary text, articles, or other potentially sensitive material, this can cause unintended exfiltration of private or proprietary content to a third party.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits user-supplied text or URLs to the external ListenHub API via `api_post` without any in-script notice, confirmation, or data-handling warning at the point of use. In a skill that may process articles, arbitrary text, or URLs, this creates a real privacy and data-governance risk because users may unknowingly send sensitive or proprietary content to a third party.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script writes the API key directly into shell startup files without a prominent warning that a sensitive credential will be stored persistently in plaintext. This can expose the key to local users, backups, shell-history-adjacent inspection, and accidental disclosure through dotfile syncing.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script automatically installs missing packages by invoking system package managers without explicit confirmation. That creates non-obvious host modifications and may run privileged operations, which is unsafe in a skill that users expect to only generate images.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits prompts, reference image URLs, and the API key to a remote service but does not clearly warn the user at the point of use that their content leaves the local machine. In this skill context remote processing is expected, but lack of disclosure is still a security and privacy issue because prompts and URLs may contain sensitive material.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accesses credential material from user shell config files without any user-facing runtime notice. Even though it targets a single variable, undisclosed credential harvesting behavior is sensitive and inappropriate for a helper library because it normalizes secret access outside the declared input surface.

VirusTotal

64/64 vendors flagged this skill as clean.
