ClawHub

Podcast Intel

Security checks across malware telemetry and agentic risk

Overview

This podcast skill does what it claims, but users should understand it can send podcast audio and transcript text to AI services and store listening history locally.

Install only if you are comfortable with configured podcast feeds being fetched, podcast audio and transcript text being sent to OpenAI-compatible services unless local mode is used, and transcripts plus listening-history summaries being stored under ~/.openclaw. Use trusted feeds, review OPENAI_BASE_URL if set, prefer a virtual environment, use --dry-run when you do not want diary writes, and clear the podcast-intel cache or diary if the stored history is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly states the skill uses external services for transcription and LLM analysis, which implies podcast audio and derived transcript content may be sent to third-party APIs. Although this is core functionality rather than malicious behavior, the privacy implications are under-emphasized and users may not realize copyrighted, sensitive, or personal audio content is leaving the local machine.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation phrases are broad enough to trigger on many generic podcast-related requests, which can cause the skill to run when the user did not explicitly ask for this particular pipeline. In this skill, unintended invocation is more concerning because the tool can fetch feeds, transcribe content, call external APIs, and append to a local diary, so accidental activation may lead to unnecessary data processing and side effects.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The description mentions maintaining and appending to a local consumption diary, but it does not clearly warn users up front that using the skill causes persistent local storage of their podcast activity. This creates a transparency and privacy issue because users may unknowingly leave behind a durable record of interests and listening behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill requires an external API key and describes transcription and analysis, but it does not clearly disclose that podcast audio or derived transcript content may be sent to third-party services for processing. This is dangerous from a privacy and compliance perspective because users may assume analysis is local when episode content and related metadata are actually transmitted externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code sends `full_text` transcript content to an external OpenAI-compatible API in `segment_with_llm` without any explicit consent gate, warning, or data-classification check. Because transcripts may contain sensitive or proprietary information, this creates a real privacy and data-governance risk, especially when users may assume processing is local.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The script caches segmentation output derived from transcripts to local storage without notifying the user or offering a way to disable persistence. Even though it stores processed results rather than the full raw transcript, topic labels, summaries, and entities can still reveal sensitive information and may remain on disk longer than intended.

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser>=6.0
openai>=1.0
pydantic>=2.0
pyyaml>=6.0
Confidence
97% confidence
Finding
feedparser>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser>=6.0
openai>=1.0
pydantic>=2.0
pyyaml>=6.0
numpy>=1.24
Confidence
97% confidence
Finding
openai>=1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser>=6.0
openai>=1.0
pydantic>=2.0
pyyaml>=6.0
numpy>=1.24
httpx>=0.27
Confidence
97% confidence
Finding
pydantic>=2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser>=6.0
openai>=1.0
pydantic>=2.0
pyyaml>=6.0
numpy>=1.24
httpx>=0.27
Confidence
98% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0
pydantic>=2.0
pyyaml>=6.0
numpy>=1.24
httpx>=0.27
Confidence
96% confidence
Finding
numpy>=1.24

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0
pyyaml>=6.0
numpy>=1.24
httpx>=0.27
Confidence
97% confidence
Finding
httpx>=0.27

Known Vulnerable Dependency: feedparser — 10 advisory(ies): CVE-2011-1157 (feedparser Cross-site Scripting vulnerability); CVE-2009-5065 (feedparser Cross-site Scripting vulnerability); CVE-2011-1158 (feedparser Cross-site Scripting vulnerability) +7 more

High
Category
Supply Chain
Confidence
64% confidence
Finding
feedparser

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
72% confidence
Finding
pydantic

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
83% confidence
Finding
pyyaml

Known Vulnerable Dependency: httpx — 2 advisory(ies): CVE-2021-41945 (Improper Input Validation in httpx); CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `http)

Critical
Category
Supply Chain
Confidence
86% confidence
Finding
httpx

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal