Novel To Audiobook Hznuyx17

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: convert user-provided novel chapters into MP3 audiobooks using DeepSeek and MiniMax, with privacy considerations but no hidden or destructive behavior found.

Install only if you are comfortable sending the chapter text to DeepSeek and MiniMax and storing API keys in the skill configuration. Avoid using it for confidential, unpublished, or contract-restricted manuscripts unless those providers' terms and retention practices are acceptable, and review output paths before running so files are written where you expect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to read user-supplied chapter files, write temporary and final MP3/JSON outputs, and call external APIs, but it does not declare corresponding permissions. This creates a capability/expectation mismatch that can lead to unintended file access, silent data exfiltration to third parties, or unsafe writes to arbitrary paths if the runtime relies on declared permissions for user awareness or enforcement.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script sends full chapter text to DeepSeek's external API, but neither the code comments nor the skill description disclose this third-party transmission. That creates a real privacy and data-handling risk, especially for unpublished, copyrighted, or sensitive manuscript content users may assume is processed locally.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow sends full chapter text and derived segment data to DeepSeek and MiniMax for analysis, TTS, and music generation without an explicit privacy warning or informed user consent. Because chapter files may contain unpublished manuscripts, personal notes, or other sensitive content, this can result in unintended third-party disclosure, retention, or compliance issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Chapter content is transmitted to a third-party API without any explicit warning or consent mechanism in this workflow. In the context of a novel-to-audiobook skill, users are likely to upload proprietary or unpublished text, so silent disclosure materially increases confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits full segment text to a third-party TTS service over the network, but the skill description and code do not clearly disclose that user-provided novel content leaves the local environment. This creates a real privacy and data-handling risk, especially if users process unpublished, copyrighted, or sensitive text under the assumption the conversion is local-only.

Ssd 1

Medium
Confidence
89% confidence
Finding
Untrusted chapter text is concatenated directly into the model prompt without clear delimitation or stronger instruction isolation, so crafted chapter content can try to override the analysis task and cause malformed or manipulated output. In this skill, that could corrupt speaker segmentation, mood labels, or downstream audiobook generation behavior, reducing integrity and potentially triggering unsafe pipeline behavior if later stages trust the model output.

VirusTotal

61/61 vendors flagged this skill as clean.
