Send2tv

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it can automatically stop another local service and briefly expose chosen media on the local network.

Review before installing. Use this only on a trusted LAN, avoid sending sensitive text, photos, or audio, expect it to stop any other program using port 8082, and review the separate edge-tts skill before using TTS mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def start_server(port=HTTP_PORT):
    """Start HTTP server for DLNA push."""
    subprocess.run(["fuser", "-k", f"{port}/tcp"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    time.sleep(0.5)
    httpd = ReuseAddrTCPServer(("0.0.0.0", port), DLNAHandler)
    t = threading.Thread(target=httpd.serve_forever, daemon=False)
Confidence
94% confidence
Finding
subprocess.run(["fuser", "-k", f"{port}/tcp"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation shows direct shell execution (`python3 scripts/send2tv.py ...`) and capabilities that imply local file creation/serving, but no permissions are declared. Undeclared shell and file-write behavior weakens trust boundaries and can lead to unsafe execution in hosts that rely on declared permissions for sandboxing, review, or user consent.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The skill executes a Node-based TTS converter located in another skill directory under the user's home/root path, expanding the trust boundary to external code not controlled by this script. If that other skill or path is modified, this script will execute attacker-controlled code with the current user's privileges.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This logic forcibly kills any process listening on the configured HTTP port before starting the built-in server. In the context of an automation skill, that behavior can unexpectedly terminate unrelated local services and is dangerous because it is automatic and not scoped to a process started by this tool.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger list is broad and includes common phrases such as 'send to TV', 'display on TV', and Chinese equivalents without clear confirmation boundaries. This increases the chance of accidental or overly eager invocation, which is risky here because the skill can broadcast text, images, or audio to a TV on the local network and may expose locally served media over HTTP.

VirusTotal

66/66 vendors flagged this skill as clean.