ClawHub

qqbot-stt

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local speech-to-text skill, but users should review it because its instructions point to a differently named skill and it includes under-scoped network/server and dependency risks.

Install only if you can confirm whether qqbot-stt and local-stt refer to the same trusted package. Prefer the localhost-only server.py path, avoid exposing the service to your network without authentication and request limits, pin/audit dependencies, review any trust_remote_code model-loading examples before use, and keep OpenClaw config files with bot secrets private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The endpoint accepts arbitrary uploaded content, writes it to disk, and feeds it to a speech-processing subprocess with no validation of content type, file size, or format. In this context, untrusted media is being handed to a complex external parser/ML pipeline, which increases risk of denial of service and potential exploitation of vulnerabilities in underlying decoders or dependencies.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The service logs the first 80 characters of transcribed user speech, which can expose sensitive or regulated content in application logs. In an STT service, user audio often contains private data, so retaining even partial transcripts increases confidentiality and compliance risk, especially if logs are centralized or broadly accessible.

Unpinned Dependencies

Low
Category
Supply Chain
Content
fastapi
uvicorn
python-multipart
Confidence
97% confidence
Finding
fastapi

Unpinned Dependencies

Low
Category
Supply Chain
Content
fastapi
uvicorn
python-multipart
Confidence
97% confidence
Finding
uvicorn

Unpinned Dependencies

Low
Category
Supply Chain
Content
fastapi
uvicorn
python-multipart
Confidence
97% confidence
Finding
python-multipart

Known Vulnerable Dependency: fastapi — 3 advisory(ies): CVE-2021-32677 (Cross-Site Request Forgery (CSRF) in FastAPI); CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on standard ); CVE-2024-24762 (FastAPI is a web framework for building APIs with Python 3.8+ based on standard )

High
Category
Supply Chain
Confidence
94% confidence
Finding
fastapi

Known Vulnerable Dependency: uvicorn — 4 advisory(ies): CVE-2020-7694 (Log injection in uvicorn); CVE-2020-7695 (HTTP response splitting in uvicorn); CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provided by the) +1 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
uvicorn

Known Vulnerable Dependency: python-multipart — 5 advisory(ies): CVE-2024-24762 (python-multipart vulnerable to Content-Type Header ReDoS); CVE-2024-53981 (Denial of service (DoS) via deformation `multipart/form-data` boundary); CVE-2026-40347 (python-multipart affected by Denial of Service via large multipart preamble or e) +2 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
python-multipart

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal