Simple sound-to-text skill locally

Security checks across malware telemetry and agentic risk

Overview

This local transcription skill appears legitimate, but it needs Review because installation can change system packages and transcript files are not safely constrained to the documented output folder.

Install only if you are comfortable with the setup script changing system packages to add FFmpeg and downloading Whisper dependencies/models. Use simple session IDs with only letters, numbers, dashes, or underscores, and treat generated transcripts as sensitive local files until the path validation issue is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The installer invokes system package managers to install FFmpeg at the OS level, which exceeds a narrowly scoped Python skill install and modifies the host outside an isolated environment. While FFmpeg is plausibly required for audio processing, doing unattended apt/yum/brew operations can change system state, pull unpinned packages from network repositories, and require elevated privileges, increasing supply-chain and operational risk.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The unvalidated session_id is concatenated directly into the output path, so a value containing path traversal sequences such as '../' can escape the intended base directory and cause files to be written to arbitrary locations writable by the process. In an agent or multi-tenant environment, this breaks isolation guarantees and could overwrite or place sensitive transcript data outside the designated workspace.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script unconditionally deletes the existing virtual environment directory with rm -rf before recreating it, without user confirmation or backup. This can destroy prior packages, configuration, or local modifications in that path, and is especially risky in shared or multi-agent environments where reuse of the directory may be expected.

VirusTotal

66/66 vendors flagged this skill as clean.
