deepsop-声音克隆助手 (deepsop voice-cloning assistant)

Security checks across malware telemetry and agentic risk

Overview

This voice-cloning skill does what it claims, but it exposes a likely real API key and handles sensitive voice data with weak consent and privacy guardrails.

Review this skill carefully before installing. Do not use the included API key; treat it as exposed, and if it is yours, revoke it. Only upload voices you are authorized to use, and assume that local recordings and generated speech may leave your machine and become reachable through service URLs. Prefer a version of the skill that adds explicit consent prompts, privacy and retention documentation, and impersonation restrictions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

High
Confidence: 98%
Finding
The documentation includes what appears to be a real API key in plaintext, directly contradicting its own guidance not to commit secrets. Exposed credentials can be harvested from repositories or logs and used to access paid APIs, consume quota, or interact with the associated account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README advertises automatic audio upload and voice cloning but does not clearly warn users that local audio and synthesis text will be transmitted to an external third-party service. In a voice-cloning context, uploaded samples may contain biometric voice data and sensitive speech content, so inadequate disclosure can lead to uninformed sharing of highly sensitive personal data.

Vague Triggers

Medium
Confidence: 80%
Finding
Overly broad trigger phrases increase the chance that the skill activates unintentionally during ordinary conversation. In a skill that can upload audio, clone voices, and perform networked operations, accidental invocation can lead to privacy-impacting actions or unintended API usage.

Missing User Warnings

High
Confidence: 95%
Finding
The skill promotes cloning voices, including those of leaders or celebrities, without clear warnings about consent, authorization, impersonation, or privacy risk. In this context, lack of guardrails materially increases the likelihood of misuse for fraud, harassment, or unauthorized biometric/voice replication.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation enables uploading local voice recordings, cloning voices, and returning directly accessible OSS URLs without any mention of consent, authorization, retention, or access controls. In a voice-cloning skill, this omission is security-relevant because it normalizes processing biometric voice data and sharing potentially public audio links, which can facilitate impersonation, privacy violations, and unauthorized disclosure of sensitive recordings.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill uploads user-provided audio to a remote service for voice cloning without any explicit consent flow or warning that biometric voice data leaves the local environment. Voiceprints are sensitive personal data, and silent transmission to a third-party API can create privacy, compliance, and impersonation risks, especially in a voice-cloning context.
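Three of the findings above (a credential committed in the documentation, trigger phrases broad enough to fire in ordinary conversation, and off-host upload of audio with no consent or retention language) can be checked mechanically before a skill is installed. The linter below is an added example written for this page; it is not SkillSpector's scanner and not code from the reviewed skill. The SKILL.md it scans is constructed, the key string in it is made up and not a real credential, and the placeholder word list, generic-word list, disclosure terms and entropy threshold are assumptions a reviewer would tune for their own environment.

```python
"""Pre-install linter for an agent skill manifest (SKILL.md with YAML-style
front matter). Added example, not part of SkillSpector or the reviewed skill."""
import math
import re

# Constructed sample manifest (not the real skill's file). The key value is a
# made-up string in the shape of a bearer token; it is not a real credential.
SAMPLE_SKILL_MD = """\
---
name: voice-clone-assistant
description: Upload a recording and synthesize speech in that voice.
triggers:
  - voice
  - clone
  - "clone my voice from the uploaded recording"
---
# Setup
Never commit secrets. Put the key in your environment:

    export TTS_API_KEY="sk-c0nstructedKq7Lm2Np8Rt4Vx6Zb1Cd5Fg0Hj3W"

Or use the placeholder and fill it in later:

    export TTS_API_KEY="REPLACE_WITH_YOUR_OWN_KEY_VALUE"

# Usage
The skill uploads the local audio file to the cloning service and returns
a public OSS URL for the generated speech.
"""

# A key-like variable name, an assignment, then a token of 20+ chars.
SECRET_RE = re.compile(
    r"(?i)\b(\w*(?:api[_-]?key|secret|token|password)\w*)\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9_\-]{20,})"
)
# Assumed lists; tune per environment.
PLACEHOLDER_WORDS = ("your", "replace", "changeme", "placeholder", "xxxx", "insert")
GENERIC_WORDS = {"voice", "clone", "audio", "speak", "help", "sound", "say", "record"}
UPLOAD_TERMS = ("upload", "remote", "cloud", "oss", "url", "api")
DISCLOSURE_TERMS = ("consent", "authoriz", "retention", "privacy", "delete")
ENTROPY_THRESHOLD = 3.5  # bits/char; random API tokens are usually above 4


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_plaintext_secrets(text: str) -> list:
    """Return (line_no, variable, masked_value) for likely real credentials.
    Obvious placeholders and low-entropy values are skipped; the value is
    masked so the report itself does not re-leak the secret."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_RE.finditer(line):
            var, value = m.group(1), m.group(2)
            if any(w in value.lower() for w in PLACEHOLDER_WORDS):
                continue
            if shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue
            hits.append((line_no, var, value[:6] + "..." + value[-2:]))
    return hits


def parse_triggers(text: str) -> list:
    """Minimal front-matter reader: collect '- item' lines under 'triggers:'.
    Avoids a YAML dependency; real manifests may need PyYAML."""
    triggers, in_block = [], False
    for line in text.splitlines():
        if re.match(r"^triggers:\s*$", line):
            in_block = True
            continue
        if in_block:
            m = re.match(r"^\s+-\s*(.+?)\s*$", line)
            if not m:
                break
            triggers.append(m.group(1).strip("\"'"))
    return triggers


def find_broad_triggers(triggers: list) -> list:
    """Flag triggers likely to fire on ordinary conversation: one or two
    words, or phrases made only of generic domain words."""
    flagged = []
    for t in triggers:
        words = re.findall(r"[a-z']+", t.lower())
        if len(words) <= 2 or all(w in GENERIC_WORDS for w in words):
            flagged.append(t)
    return flagged


def check_disclosure(text: str) -> list:
    """If the docs describe sending data off-host, return the disclosure
    terms that never appear (empty list: nothing to report)."""
    lower = text.lower()
    if not any(re.search(r"\b" + t + r"\b", lower) for t in UPLOAD_TERMS):
        return []
    return [t for t in DISCLOSURE_TERMS if t not in lower]


def review_skill(text: str) -> dict:
    """Run all three checks over one manifest and return the findings."""
    return {
        "plaintext_secrets": find_plaintext_secrets(text),
        "broad_triggers": find_broad_triggers(parse_triggers(text)),
        "missing_disclosure": check_disclosure(text),
    }


if __name__ == "__main__":
    for name, items in review_skill(SAMPLE_SKILL_MD).items():
        print(f"{name}: {items if items else 'none'}")
```

On the constructed manifest the linter reports the made-up key (masked, with its line number), passes over the placeholder, flags "voice" and "clone" as broad triggers while accepting the longer phrase, and lists every disclosure term the upload-heavy text omits. The entropy gate is a heuristic: a rotated or short key can slip under it, so treat a clean run as a reason to read the manifest, not to skip reading it.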

VirusTotal

VirusTotal findings are pending for this skill version.
