ClawHub

灵犀Note录音文件查询

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to query Lingxi Note recordings, but it handles sensitive transcripts and audio links with broad default retrieval and weak credential-handling guidance.

Review before installing. Use this only with a Lingxi account whose recordings you are authorized to access, avoid invoking it in shared chats, and treat returned transcripts, summaries, audio URLs, and analytics as private. Do not display the full API key in terminals or screen shares; store it with restrictive file permissions and rotate it if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The natural-language trigger set includes overly broad phrases such as '配置' that can collide with ordinary conversation, causing the skill to activate unexpectedly. Because this skill accesses private recording metadata and details, accidental invocation can expose sensitive audio-derived content or send requests to external APIs without the user's clear intent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The routing rule uses a default fallback ('other cases default to `/lyk list`'), which makes activation boundaries unclear and can convert ambiguous user text into a live query. In a privacy-sensitive skill for sales and meeting recordings, this increases the chance of unauthorized or unintended retrieval of sensitive information.

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The skill handles highly sensitive recording data, including transcripts, summaries, action items, and public audio URLs, but the user-facing skill description does not prominently warn about privacy and transmission risks. This omission can lead users to invoke the skill in unsafe contexts or misunderstand that private conversational data may be fetched and displayed through an external service.

Missing User Warnings

High
Confidence
98% confidence
Finding
The document explicitly instructs users to reveal and inspect the API key via shell commands and to store it in a plaintext local configuration file without any warning about secrecy, masking, file permissions, or safer secret-handling practices. This increases the risk of credential exposure through terminal history, screen sharing, logs, shoulder surfing, or insecure file permissions, which could allow unauthorized access to the Lingxi API.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation exposes a workflow for retrieving recording lists and fields such as publicUrl, transcripts, summaries, speaker mappings, emotion analysis, and meeting minutes, all of which are highly privacy-sensitive. Because the skill explicitly states there is no separate detail endpoint and that the list response already contains full analysis data, it encourages broad access to sensitive content without any warning, minimization guidance, or access-control considerations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal