liber-speechapi

Security checks across malware telemetry and agentic risk

Overview

This speech skill does what it claims, but it handles voice data and API credentials in ways users should review before installing.

Install only if you trust the configured Liber SpeechAPI backend with your audio, transcripts, TTS text, and any voice-clone reference audio. Set your own HTTPS LIBER_API_BASE_URL and LIBER_API_KEY from a trusted secret source, avoid relying on workspace .env files, review the external backend before running its setup scripts, and use voice cloning only with clear permission from the speaker.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation tells users to place a live API key in a .env file but does not warn against committing that file to source control, sharing it, or otherwise exposing credentials. This can lead to accidental credential leakage and unauthorized use of the SpeechAPI, especially because documentation often gets copied verbatim into real deployments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow explicitly routes user-provided audio and derived transcripts to external ASR/TTS services, but it provides no notice, consent step, retention guidance, or data-handling constraints. Because voice and transcript content can contain sensitive personal or confidential information, silent transmission to third-party services creates a real privacy and compliance risk in normal operation, not just under active exploitation.

Credential Access

High
Category
Privilege Escalation
Content
    # Finally, try loading from local .env files (skill directory or current working directory)
    if not base_url or not api_key:
        for candidate in (skill_dir / ".env", Path.cwd() / ".env"):
            load_dotenv(candidate)
            base_url = os.getenv("LIBER_API_BASE_URL", "").strip().rstrip("/")
            api_key = os.getenv("LIBER_API_KEY", "").strip()
Confidence
78% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
    # Finally, try loading from local .env files (skill directory or current working directory)
    if not base_url or not api_key:
        for candidate in (skill_dir / ".env", Path.cwd() / ".env"):
            load_dotenv(candidate)
            base_url = os.getenv("LIBER_API_BASE_URL", "").strip().rstrip("/")
            api_key = os.getenv("LIBER_API_KEY", "").strip()
Confidence
78% confidence
Finding
.env"

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
96% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
requests

VirusTotal

67/67 vendors flagged this skill as clean.
