transcription-speech-to-text-hebrew

Security checks across malware telemetry and agentic risk

Overview

This transcription skill largely does what it says, but its YouTube helper can automatically change the user's Python environment by installing or upgrading yt-dlp.

Review before installing. Use this only with media files and URLs you are comfortable sending to TextOps. For YouTube transcription, prefer an isolated environment or preinstall a trusted pinned yt-dlp version, because the included helper may install or upgrade software in the broader Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill metadata describes transcription, but this file expands scope to downloading content from YouTube and modifying the environment to support that workflow. That hidden capability increases attack surface, introduces external network retrieval and file creation behavior, and may surprise operators who expect only local transcription processing.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Automatically installing or upgrading yt-dlp via pip at runtime causes the skill to modify the host environment without explicit approval. This is dangerous because it introduces supply-chain risk, can break system packages via --break-system-packages, and gives a transcription-oriented skill unexpected package-management capabilities far beyond its stated purpose.

Context-Inappropriate Capability

Low
Confidence: 91%
Finding
The script accepts arbitrary remote URLs and sends them to an external service for probing and transcription, which broadens the skill from local-file transcription into remote fetch behavior. In an agent setting, that can enable unintended handling of third-party or sensitive URLs and increases data-disclosure risk because the remote service learns the target URL and may retrieve its contents.

Vague Triggers

High
Confidence: 91%
Finding
The trigger conditions are overly broad because they instruct activation not only for transcription requests but also for generic capability questions like 'what can you do?'. This can cause unintended invocation of a networked, file-handling skill in contexts where the user did not actually request transcription, increasing the chance of accidental data exposure or unnecessary prompting for files/API setup.

Missing User Warnings

Medium
Confidence: 97%
Finding
The code performs package installation or upgrade automatically and silently, without warning the user that the host environment will be changed. In the context of a transcription skill, this is especially risky because users would not reasonably expect package-management side effects, making misuse or accidental system modification more likely.

Missing User Warnings

Medium
Confidence: 96%
Finding
When a URL is provided, the script transmits that URL to a third-party service and causes the service to inspect or fetch remote media without any explicit disclosure in the code path. In a user-facing agent, this can surprise users and expose private or access-controlled media locations to an external vendor.

Missing User Warnings

Medium
Confidence: 98%
Finding
For local files, the script uploads file contents to a remote service but does not itself enforce any user-facing warning or consent about off-host transfer. In the context of an agent skill, this is a meaningful privacy and compliance issue because users may expect local processing unless clearly told otherwise.

VirusTotal

67/67 vendors flagged this skill as clean.
