claw-voice-local

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate voice audio locally, but it also uploads to Telegram using bot credentials, despite its offline/local framing.

Install only if you intend to send generated voice notes through Telegram and are comfortable providing a bot token and chat ID. Treat generated audio and any captions as data that may leave your machine when the send feature is used, and avoid pointing output paths at important existing files unless overwrite behavior is fixed or clearly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
)

        # ffmpeg: WAV → OGG Opus (Telegram-compatible)
        subprocess.run(
            [
                "ffmpeg", "-y",
                "-i", str(wav_path),
Confidence
65% confidence
Finding
subprocess.run( [ "ffmpeg", "-y", "-i", str(wav_path), "-c:a", "libopus", "-b:a", "32k", "-vbr", "on

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises capabilities that include environment access, file reads, shell execution, and network use, but does not declare corresponding permissions. This weakens transparency and consent controls, making it easier for a user or orchestrator to approve a skill without realizing it can access secrets, invoke local binaries, and send data externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill claims operation 'without internet connectivity' and 'fully offline,' yet it sends audio/messages through the Telegram Bot API, which necessarily requires network access and transmits content to Telegram servers. This is a material description-behavior mismatch that can cause users to expose sensitive text or audio under a false privacy assumption.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata emphasizes offline/local voice-message conversion, but this file performs a live upload to Telegram using a bot token. That mismatch is security-relevant because users or orchestrators may grant the skill broader trust than warranted, causing audio content and metadata to be transmitted externally despite an 'offline' framing.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code loads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID from environment variables to perform remote API actions, which exceeds a strictly local/offline TTS function. In an agent environment, access to ambient credentials increases the risk of unauthorized message sending or unintended use of privileged bot capabilities if the skill is invoked in the wrong context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation does not clearly warn that generated speech and associated content will be uploaded to Telegram when sending voice notes. In a messaging skill, missing disclosure increases the risk of accidental exfiltration of sensitive data because users may assume local-only processing from the 'offline' framing.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The ffmpeg command includes -y and writes to a path controlled by --output, so existing files can be overwritten without additional warning or confirmation. In an agent setting, this can cause unintended destruction or replacement of local files if the output path is influenced incorrectly.

External Transmission

Medium
Category
Data Exfiltration
Content
"""Upload OGG file as Telegram voice message. Returns API response dict."""
    import urllib.request

    url = f"https://api.telegram.org/bot{bot_token}/sendVoice"
    boundary = "----ClawVoiceBoundary"

    def _field(name: str, value: str) -> bytes:
Confidence
96% confidence
Finding
https://api.telegram.org/

VirusTotal

66/66 vendors flagged this skill as clean.
