audio-tools

Security checks across malware telemetry and agentic risk

Overview

This audio/video utility mostly matches its stated purpose, but it should be reviewed because it can install Python packages at runtime and uses unsafe dynamic evaluation on media metadata.

Install only if you are comfortable with a local media tool that can write output files, open the system media player, and potentially install unpinned Python packages. Prefer using it in a controlled virtual environment with ffmpeg and Whisper preinstalled, avoid untrusted media for metadata extraction until eval() is removed, and choose transcript/output paths carefully because generated text may contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return True
    except ImportError:
        print("⚙️  moviepy not installed, installing automatically...")
        result = subprocess.run(
            [sys.executable, "-m", "pip", "install", "moviepy"],
            capture_output=True, text=True
        )
Confidence
95% confidence
Finding
result = subprocess.run( [sys.executable, "-m", "pip", "install", "moviepy"], capture_output=True, text=True )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return True
    except ImportError:
        print("[INFO] openai-whisper not installed, installing...")
        result = subprocess.run(
            [sys.executable, "-m", "pip", "install", "-U", "openai-whisper"],
            capture_output=True, text=True
        )
Confidence
96% confidence
Finding
result = subprocess.run( [sys.executable, "-m", "pip", "install", "-U", "openai-whisper"], capture_output=True, text=True )

eval() call detected

High
Category
Dangerous Code Execution
Content
"codec": stream.get("codec_name"),
                            "width": int(stream.get("width", 0)),
                            "height": int(stream.get("height", 0)),
                            "fps": eval(stream.get("r_frame_rate", "0/1")),  # e.g. "30/1" -> 30.0
                            "pixel_format": stream.get("pix_fmt")
                        }
                        break
Confidence
99% confidence
Finding
"fps": eval(stream.get("r_frame_rate", "0/1")), # e.g. "30/1" -> 30.0
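The r_frame_rate string comes from ffprobe's description of the input file, so it is derived from untrusted data, and eval() turns any unexpected value into code execution. It is also simply the wrong tool: ffprobe reports "0/0" for streams without timing information, and eval("0/0") raises ZeroDivisionError. The following replacement is an added example, not code from the skill; it accepts only an integer or an integer ratio, treats a zero denominator as "unknown", and rejects everything else. SAMPLE_STREAMS is a constructed set of ffprobe-style stream entries, including one hostile value, used to exercise it.

```python
"""Safe replacement for eval() on ffprobe's r_frame_rate (added example)."""
import re
from fractions import Fraction

# Accept "N" or "N/D" with ASCII digits only; nothing else is interpreted.
_RATIONAL = re.compile(r"^([0-9]{1,9})(?:/([0-9]{1,9}))?$")


def parse_frame_rate(value) -> float:
    """Return the frame rate in Hz as a float, or 0.0 when the rate is unknown.

    Raises ValueError for anything that is not an integer or integer ratio,
    so a crafted value is rejected instead of being evaluated.
    """
    if value is None:
        return 0.0
    if not isinstance(value, str):
        raise ValueError(f"r_frame_rate must be a string, got {type(value).__name__}")
    m = _RATIONAL.fullmatch(value.strip())
    if not m:
        raise ValueError(f"refusing to parse r_frame_rate {value!r}")
    num = int(m.group(1))
    den = int(m.group(2)) if m.group(2) else 1
    if den == 0:
        return 0.0  # ffprobe emits "0/0" for streams with no timing info
    return float(Fraction(num, den))


def video_stream_summary(stream: dict) -> dict:
    """Build the same summary dict the skill builds, with eval() removed."""
    return {
        "codec": stream.get("codec_name"),
        "width": int(stream.get("width", 0)),
        "height": int(stream.get("height", 0)),
        "fps": parse_frame_rate(stream.get("r_frame_rate", "0/1")),
        "pixel_format": stream.get("pix_fmt"),
    }


# Constructed ffprobe-style stream entries; the last one is deliberately hostile.
SAMPLE_STREAMS = [
    {"codec_name": "h264", "width": 1920, "height": 1080,
     "r_frame_rate": "30000/1001", "pix_fmt": "yuv420p"},
    {"codec_name": "vp9", "width": 1280, "height": 720, "r_frame_rate": "0/0"},
    {"codec_name": "h264", "width": 640, "height": 480,
     "r_frame_rate": "__import__('os').system('id')"},
]


def summarize_all(streams=SAMPLE_STREAMS) -> list:
    """Summarize every stream; hostile entries become an error record, not code."""
    out = []
    for s in streams:
        try:
            out.append(video_stream_summary(s))
        except ValueError as exc:
            out.append({"error": str(exc)})
    return out


if __name__ == "__main__":
    for row in summarize_all():
        print(row)
```

Fraction also gives the exact NTSC rate for "30000/1001" (29.97...), which is the only thing the original eval() bought the author.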

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill performs automatic package installation for MoviePy, which exceeds the expected scope of a local media utility and alters the runtime environment without explicit user approval. In agent settings this is risky because it introduces network fetches, supply-chain exposure, and persistent system changes.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The Whisper helper also self-installs a package at runtime, creating unexpected network and package-management behavior beyond simple transcription. This broadens the skill's operational scope and can import unreviewed code into the execution environment.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Broad trigger phrases increase the chance that the skill activates on ordinary language rather than clear, intentional requests. In this skill, accidental activation can lead to local file reads, media playback, file creation, and possible dependency checks or installation behaviors, making unintended execution materially risky.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The transcription feature writes JSON/TXT outputs that may contain sensitive spoken content, timestamps, and confidence metadata, but the skill does not warn users about privacy implications or persistence on disk. This can expose confidential conversations, personal data, or regulated content if outputs are stored in shared or default directories.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation states that missing dependencies such as moviepy and openai-whisper may be auto-installed on first use, but it does not clearly warn users that running the tool can modify the local Python environment and trigger network/package installation. This creates a supply-chain and environment-integrity risk, especially in enterprise or restricted environments where silent dependency changes are not expected.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The transcription feature silently creates persistent JSON and TXT transcript files from input audio. In many environments, speech transcripts are more sensitive than the source media, so automatic persistence without a clear warning or opt-in can expose private or regulated information.
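The two transcript findings above call for persistence to be opt-in and for output placement to be deliberate. The helper below is an added example, not the skill's own code: it returns the transcript in memory by default, writes only when the caller asks, writes only inside an explicitly chosen directory (rejecting a stem that would escape it), never overwrites an existing file, and creates the file with owner-only permissions instead of the umask default. SAMPLE_RESULT is a constructed Whisper-style result dict; the function names and the include_segments switch are this example's own.

```python
"""Opt-in, permission-restricted transcript persistence (added example)."""
import json
import os
import stat
import tempfile
from pathlib import Path

# Constructed Whisper-style result; the real object carries the same top-level keys.
SAMPLE_RESULT = {
    "text": "Meeting notes: the Q3 budget figures are confidential.",
    "segments": [
        {"start": 0.0, "end": 3.2, "text": "Meeting notes: the Q3 budget figures are confidential."}
    ],
    "language": "en",
}


def transcript_payload(result: dict, include_segments: bool) -> dict:
    """Reduce a transcription result to only the fields the caller opted into."""
    payload = {"text": result["text"], "language": result.get("language")}
    if include_segments:
        payload["segments"] = [
            {"start": s["start"], "end": s["end"], "text": s["text"]}
            for s in result.get("segments", [])
        ]
    return payload


def save_transcript(result, out_dir, stem, persist=False, include_segments=False):
    """Return (payload, path). path is None unless persist=True wrote a file."""
    payload = transcript_payload(result, include_segments)
    if not persist:
        return payload, None  # default: nothing touches disk
    base = Path(out_dir).resolve()
    base.mkdir(parents=True, exist_ok=True)
    target = (base / f"{stem}.json").resolve()
    if target.parent != base:  # blocks "../x", "/abs/x" and nested stems
        raise ValueError(f"refusing to write outside {base}: {stem!r}")
    # O_EXCL: never clobber an existing transcript. 0o600: owner-only on POSIX.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(payload, f, ensure_ascii=False, indent=2)
    return payload, target


def demo_roundtrip(include_segments=False) -> dict:
    """Write the sample transcript to a temp dir and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        payload, path = save_transcript(
            SAMPLE_RESULT, d, "meeting", persist=True, include_segments=include_segments
        )
        mode = stat.S_IMODE(os.stat(path).st_mode)
        reread = json.loads(path.read_text(encoding="utf-8"))
        try:
            save_transcript(SAMPLE_RESULT, d, "../escape", persist=True)
            escaped = True
        except ValueError:
            escaped = False
        try:
            save_transcript(SAMPLE_RESULT, d, "meeting", persist=True)
            clobbered = True
        except FileExistsError:
            clobbered = False
    return {"mode": mode, "reread": reread, "escaped": escaped,
            "clobbered": clobbered, "payload": payload}


if __name__ == "__main__":
    print(demo_roundtrip())
```

The permission bits only take effect on POSIX filesystems; on Windows the file is still created but the 0o600 mode is not enforced, so a skill that runs there should place transcripts in a per-user directory instead.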

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code installs MoviePy automatically without explicit upfront consent, causing silent network access and persistent environment modification. In a security review context, undisclosed package installation is dangerous because it changes system state and imports third-party code unexpectedly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Whisper auto-install path similarly performs undisclosed network and package-management activity. This is especially problematic in agent skills because users may expect only transcription, not runtime code acquisition and installation.
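Both subprocess findings and the four auto-install warnings above describe the same pattern: on ImportError the skill runs `pip install` (for Whisper with `-U`, so the newest release wins) with no pin, no hash check and no consent. The code below is an added example of the fail-closed alternative, not code from the skill: it verifies that a pinned version is importable and otherwise raises with an actionable message, and it produces an install command only when an operator has opted in, and then only from a hash-locked requirements file. The version pins, the AUDIO_TOOLS_ALLOW_INSTALL variable and the function names are this example's own assumptions.

```python
"""Fail-closed dependency check for an agent skill (added example)."""
import importlib.util
import os
import sys
from importlib import metadata

# Constructed pins for illustration; real pins come from the project's lockfile.
PINS = {"moviepy": "1.0.3", "openai-whisper": "20231117"}
# Distribution name -> top-level import name (these differ for openai-whisper).
IMPORT_NAMES = {"moviepy": "moviepy", "openai-whisper": "whisper"}
# Hypothetical opt-in switch; the original skill has no such control.
OPT_IN_ENV = "AUDIO_TOOLS_ALLOW_INSTALL"


class MissingDependency(RuntimeError):
    """Raised when a required package is absent or not at the pinned version."""


def check_dependency(dist: str, expected: str) -> str:
    """Return the installed version of `dist` if it matches `expected`.

    Raises MissingDependency otherwise. Never touches pip or the network;
    the error tells the user what to run themselves.
    """
    if importlib.util.find_spec(IMPORT_NAMES.get(dist, dist)) is None:
        raise MissingDependency(
            f"{dist}=={expected} is not importable. Install it into the venv "
            f"before running the skill: {sys.executable} -m pip install "
            f"--require-hashes -r requirements.txt"
        )
    try:
        installed = metadata.version(dist)
    except metadata.PackageNotFoundError as exc:
        raise MissingDependency(f"{dist} is importable but has no package metadata") from exc
    if installed != expected:
        raise MissingDependency(f"{dist} {installed} is installed but the pin is {expected}")
    return installed


def plan_install(lockfile: str, env=None):
    """Build (but do not run) the pip argv for an operator-approved install.

    Returns None unless the opt-in variable is set to "1". --require-hashes makes
    pip refuse any artifact whose sha256 is not in the lockfile, --no-deps stops
    it pulling unpinned transitive packages, and --only-binary avoids running a
    source distribution's setup code during install.
    """
    env = os.environ if env is None else env
    if env.get(OPT_IN_ENV) != "1":
        return None
    return [
        sys.executable, "-m", "pip", "install",
        "--require-hashes", "--no-deps", "--only-binary", ":all:",
        "-r", lockfile,
    ]


def check_all(pins=PINS) -> dict:
    """Check every pinned dependency; map each to its version or its error text."""
    report = {}
    for dist, expected in pins.items():
        try:
            report[dist] = check_dependency(dist, expected)
        except MissingDependency as exc:
            report[dist] = f"ERROR: {exc}"
    return report


if __name__ == "__main__":
    for dist, status in check_all().items():
        print(f"{dist}: {status}")
    print(plan_install("requirements.txt"))
```

The lockfile itself would be generated once by the maintainer (for example with `pip-compile --generate-hashes`) and shipped with the skill, so the runtime never decides which version to fetch.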

VirusTotal

66/66 vendors flagged this skill as clean.
