ClawHub

senseaudio-floating-audio-assistant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed macOS audio-assistant skill that captures system audio for subtitles and SenseAudio processing, with privacy-sensitive use that users should understand.

Install only if you intend to route macOS system audio through BlackHole/Multi-Output Device and use SenseAudio/AudioClaw services. Avoid running it during confidential calls, protected media, or other people's speech unless you have consent, and use the stop script when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes system-audio capture, floating subtitles, and transcript preservation but does not warn users that meetings, videos, or other desktop audio may contain sensitive or third-party content. In a desktop assistant skill, missing privacy disclosure increases the risk of accidental recording, retention, or onward processing of confidential information without informed user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quickstart explicitly describes capturing system audio and streaming ASR to SenseAudio, but it does not present this as a user-facing warning or consent requirement. Because system audio may contain sensitive meetings, notifications, DRM-protected media, or other private content, omitting a clear disclosure increases the risk of unintended third-party data transmission.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The live TTS probe transmits arbitrary user-supplied text to a third-party API together with a bearer token, which creates a real data egress path during what is presented as a diagnostic smoke test. While this appears intended for legitimate testing, the script does not require an explicit acknowledgement about external transmission or restrict the text content, so sensitive input could be sent off-host unintentionally.

Credential Access

High
Category
Privilege Escalation
Content
def main() -> int:
    args = parse_args()
    env_file = Path(args.env_file).expanduser().resolve() if args.env_file else workspace_dir() / ".env"
    load_dotenv(env_file)
    diagnostics = {
        "skill": "senseaudio-floating-audio-assistant",
Confidence
70% confidence
Finding
.env"

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal