Talking Circle

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it needs review because one cloud TTS mode disables HTTPS certificate checks while handling credentials and the scripts install unpinned packages at runtime.

Review before installing. Prefer audio-to-video mode or ElevenLabs mode in a trusted environment, avoid SaluteSpeech mode until TLS verification is fixed, do not send private or regulated text to cloud TTS providers unless their policies are acceptable, and consider installing pinned dependencies yourself instead of relying on runtime pip installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.run(["python3", "-m", "venv", str(venv_dir)], check=True)
pip = venv_dir / "bin" / "pip"
req = Path(__file__).resolve().parents[1] / "requirements.txt"
subprocess.run([str(pip), "install", "--quiet", "-r", str(req)], check=True)
return str(py)
Confidence
77% confidence
Finding
subprocess.run([str(pip), "install", "--quiet", "-r", str(req)], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if py.exists():
    return str(py)

subprocess.run(["python3", "-m", "venv", str(venv_dir)], check=True)
pip = venv_dir / "bin" / "pip"
req = Path(__file__).resolve().parents[1] / "requirements.txt"
subprocess.run([str(pip), "install", "--quiet", "-r", str(req)], check=True)
Confidence
86% confidence
Finding
subprocess.run(["python3", "-m", "venv", str(venv_dir)], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.run(["python3", "-m", "venv", str(venv_dir)], check=True)
pip = venv_dir / "bin" / "pip"
req = Path(__file__).resolve().parents[1] / "requirements.txt"
subprocess.run([str(pip), "install", "--quiet", "-r", str(req)], check=True)
return str(py)
Confidence
83% confidence
Finding
subprocess.run([str(pip), "install", "--quiet", "-r", str(req)], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation indicates capabilities to access environment variables, write files, invoke shell commands, and make network requests, yet no explicit permissions are declared in the metadata. This creates a trust and review gap: a user or platform may approve the skill without understanding that it can access API keys, call external TTS services, install dependencies, and execute local tooling such as ffmpeg or pip.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly instructs users to generate speech via ElevenLabs or SaluteSpeech, which necessarily sends user-provided text to third-party services, but it does not clearly warn about privacy, data-sharing, retention, or provider-side processing. In an assistant skill context, users may submit sensitive personal or business text through the agent without realizing it leaves the local environment, making this a real transparency and privacy issue.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code globally disables urllib3 TLS warnings and later performs HTTPS requests with certificate verification disabled. This makes man-in-the-middle attacks harder for users to notice and undermines the confidentiality of OAuth credentials, tokens, and generated content sent to the remote API.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends user-supplied text and an API credential to ElevenLabs, an external third party, without any in-code consent, warning, or policy gating. In an agent skill context this is a meaningful privacy and data-handling risk because users may not expect their prompts or potentially sensitive content to leave the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.
