ClawHub

Ambient Audio

Security checks across malware telemetry and agentic risk

Overview

This skill is a local ambient-audio player with some process-control safety caveats, but no evidence of hidden data access, exfiltration, or malicious behavior.

Install only on a machine where audible playback is acceptable. Verify or generate the missing samples before use, use explicit commands rather than broad voice phrases, and be aware that the stop command can force-kill matching ffplay processes instead of only stopping its own tracked player.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documentation materially misrepresents behavior: it claims algorithmic generation with ffmpeg and "no copyright issues," while the described implementation uses prerecorded MP3 samples and a stop action that may kill matching ffplay processes system-wide. This can cause unsafe trust decisions by users or orchestrators, and the process-killing behavior can interfere with unrelated workloads on shared hosts.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The suggested voice triggers are very broad phrases such as "Stop" and common conversational requests, which increases the chance of accidental invocation by an assistant in normal dialogue. In a voice-activated or agentic environment, this can lead to unintended command execution, including stopping playback or starting audio unexpectedly.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script uses broad, forceful termination via `pkill -9 -f "ffplay.*focus-audio"` and unconditionally removes a PID file. This can kill unintended processes whose command lines match the pattern, and `SIGKILL` prevents graceful cleanup; in a shared or multi-process environment this creates a denial-of-service risk beyond the intended audio player. The ambient-audio context lowers suspicion of malicious intent, but does not eliminate the safety risk from unsafe process targeting.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal