ClawHub

clawdible -audiobooks

Security checks across malware telemetry and agentic risk

Overview

This Audible account helper is disclosed and purpose-aligned, but users should treat its dependency installs and stored Audible auth file carefully.

Install only if you are comfortable giving this skill access to your Audible account. Prefer running it in a virtual environment with reviewed versions of audible and httpx already installed, protect ~/.config/audible/auth.json like a password, and verify the exact title, ASIN, narrator, marketplace, and cost before confirming any purchase.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if missing:
        print(f"Installing missing dependencies: {', '.join(missing)}...")
        try:
            subprocess.check_call(
                [sys.executable, "-m", "pip", "install", "--quiet"] + missing
            )
            print("Dependencies installed.\n")
Confidence
94% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "--quiet"] + missing )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if missing:
        print(f"Installing missing dependencies: {', '.join(missing)}...")
        try:
            subprocess.check_call(
                [sys.executable, "-m", "pip", "install", "--quiet"] + missing
            )
            print("Dependencies installed.\n")
Confidence
92% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "--quiet"] + missing )

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes runtime behaviors that include shell execution, network access, and reading/writing local auth material, yet there is no declared permission boundary or user-visible capability declaration. In an agent ecosystem, this weakens transparency and policy enforcement, making it easier for a seemingly simple audiobook skill to perform sensitive actions such as pip installs, token storage, and purchases without clear prior authorization.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Auto-installing Python packages is unrelated to the core Audible authentication flow and introduces unnecessary code execution during a sensitive auth process. Because this script stores authentication material and guides users through login, adding runtime package installation increases the attack surface and makes the skill more dangerous than a normal utility script.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill performs automatic dependency installation on startup, which is unnecessary for its stated Audible-management purpose and creates a software supply-chain risk. In this context, the skill also handles authenticated account operations, so introducing unpinned packages at runtime increases the chance that a compromised dependency could access account tokens, library data, or purchase capabilities.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases are broad enough to activate on common audiobook-related requests, including commercial actions like "buy audiobook" and account-scoped actions like viewing a library or wishlist. In context, this is more dangerous because the skill can authenticate to a user's Amazon/Audible account and perform state-changing operations, so over-broad invocation increases the chance of accidental or premature activation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The wishlist add path performs a state-changing API call immediately, without a confirmation flag or in-code user-consent gate comparable to the purchase flow. In an agent setting, this makes unintended account modifications more likely because ambiguous prompts, prompt injection, or tool misuse could silently alter a user's Audible wishlist.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal