ClawHub

Plaud Unofficial Skill

Security checks across malware telemetry and agentic risk

Overview

This Plaud helper appears purpose-built, but it asks users to copy a long-lived browser session token into a local plaintext file without enough safeguards.

Install only if you are comfortable giving this local helper access to Plaud recordings, transcripts, summaries, and tags. Treat the Plaud token as a password: store `.env` privately, avoid sharing logs or screenshots that include it, rotate or revoke the session if exposed, and use bulk download only when you intend to copy all recordings onto the machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The documentation exposes reverse-engineered API capabilities and storage paths that extend beyond the narrow stated skill purpose of accessing recordings, transcripts, and summaries. In a skill context, this broadens operator access to sharing metadata, internal content storage, and auxiliary endpoints in ways that can facilitate over-collection or misuse of user data.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill documents extracting bearer tokens from browser localStorage, which is highly sensitive credential material, and presents it as an authentication method. This encourages credential harvesting from a live browser session and can enable full account access to recordings, transcripts, summaries, and other private user data if copied or mishandled.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
Guidance to inspect browser localStorage and similar client-side internals is not necessary for normal consumption of recorder data and normalizes accessing implementation details outside supported interfaces. This increases the risk of unauthorized data discovery, credential exposure, and fragile integrations built on private application state.

Vague Triggers

Low
Confidence
71% confidence
Finding
The file ID acquisition guidance is broadly phrased and includes sources like URLs, app state, and DevTools without clarifying that only the current authorized user's data may be accessed. While not directly an exploit, it weakens access-boundary expectations and can encourage indiscriminate enumeration or collection of identifiers.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation discusses bearer tokens and access to private recordings and transcripts without warning that these are sensitive credentials and sensitive personal data. In a skill that handles voice recordings and AI summaries, omission of privacy and account-sensitivity warnings materially increases the likelihood of unsafe handling, disclosure, or overbroad access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell users to copy a live bearer token from browser localStorage into a plaintext `.env` file without warning that the token grants account access and must be protected. This increases the chance of accidental disclosure through shell history, backups, file sharing, screenshots, or permissive filesystem access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script instructs users to extract an auth token from browser localStorage and paste it into the CLI without warning that this bearer token grants direct account access. That practice encourages unsafe credential handling, increases the chance of token leakage via shell history or copied text, and normalizes reuse of a web session token outside its original context.

Ssd 3

High
Confidence
98% confidence
Finding
The skill instructs the user to extract a live authentication token from browser storage and paste it into local files for later use. That is direct credential handling guidance for a token that can likely access recordings, transcripts, and summaries, so compromise would expose sensitive personal or business audio data.

Ssd 3

High
Confidence
97% confidence
Finding
The document provides explicit examples showing that the full bearer token, including prefix and contents, should be copied and preserved. This normalizes disclosure of full credentials and can lead users to reveal or log complete tokens in terminals, notes, screenshots, or support channels.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv>=1.0.0
Confidence
90% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
71% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal