ClawHub

Podcastfy Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This is a user-directed helper for turning content into AI-generated podcast audio, with privacy cautions around external AI providers and saved output files.

Install only if you are comfortable with the configured Podcastfy, LLM, and TTS providers processing the inputs you supply. Avoid using confidential, regulated, patient, or personal content unless you have permission and have reviewed provider policies; use an explicit output directory and clean up generated files when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill encourages use of cloud-backed LLM and TTS providers and asks users to configure API keys, but it does not clearly warn that submitted URLs, text, PDFs, images, and YouTube-derived content may be transmitted to third-party services for processing. In a skill that may be used on medical or dental material, this omission can lead to unintended disclosure of sensitive or regulated data to external providers.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation states that audio and transcript files are created locally and gives a default output directory, but it does not clearly warn users before execution that running the skill will write generated artifacts to disk. This can create minor privacy and operational issues, especially if outputs contain sensitive source material and are stored in shared or unexpected locations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal