Fieldy AI Webhook

Security checks across malware telemetry and agentic risk

Overview

The skill largely implements the Fieldy webhook integration it describes, but it also persistently stores raw transcript text locally to a broader extent than its documentation makes clear.

Install only if you are comfortable with Fieldy transcript text being stored locally under the workspace. Review or edit src/fieldy-webhook.js before use if you want no logging, wake-word-only logging, redaction, or retention limits. Use a strong webhook token, prefer an Authorization header over query parameters when possible, and limit the target agent's authority because valid webhook requests can trigger agent runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 81%
Finding:
The skill documentation describes behavior that depends on environment/filesystem-derived context and a transform module with code capabilities, but no permissions declaration is presented alongside it. That mismatch can cause operators to enable a skill with broader access than expected, weakening review and consent around environment and local file access.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The stated purpose is only wiring a webhook transform, but the described behavior also includes transcript logging, wake-word parsing, agent triggering, and workspace discovery/access. This broader behavior increases the risk of users deploying the skill without understanding that it stores user data and can autonomously trigger agent actions based on inbound content.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The skill description says it wires a webhook transform into hooks, but the implementation also persistently stores full voice transcripts to workspace files. That creates an undisclosed data-retention behavior for potentially sensitive spoken content, increasing privacy and leakage risk if the workspace is shared, synced, or later exfiltrated.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
Archiving transcripts locally is a meaningful capability expansion beyond simple webhook transformation, and it handles sensitive user-generated data without an evident need in the stated skill context. In an agent workspace, these logs may be accessible to other tools, committed to source control, or retained indefinitely, making accidental disclosure more likely.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill states that transcripts without the wake word are logged to JSONL files, but it does not clearly present this as a privacy-sensitive data retention feature. Users may unknowingly store potentially sensitive voice/text content on disk, creating exposure through local compromise, backups, or over-retention.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The code writes transcript text to disk without any visible user-facing warning, consent mechanism, or disclosure in the skill itself. Because transcripts may contain private conversations, credentials, or personal data, silent persistence materially raises privacy and compliance risk.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
Persistently logging plain-language voice transcripts creates a durable repository of sensitive content that can be read by anyone with workspace access. In this context, the danger is elevated because agent workspaces are often reused by multiple components and may be backed up, synced, or inspected, turning transient voice input into long-lived searchable data.

VirusTotal

66/66 vendors flagged this skill as clean.