S2-SP-OS Acoustic Radar

Security checks across malware telemetry and agentic risk

Overview

This skill is review-worthy because it records ambient microphone audio, sends it to a local HTTP service, and suggests security or camera-related follow-up actions with privacy claims stronger than the code supports.

Install only if you are comfortable granting microphone access and sending short audio clips to a LAN edge server you control and trust. Verify the destination yourself, do not rely on the cryptographic or absolute privacy claims, and require manual confirmation before any camera, alarm, security, logging, or smart-home action is taken from its suggestions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares only `exec` in `allowed-tools`, yet its metadata and described behavior clearly require network communication to send captured audio to an edge service. This mismatch weakens permission transparency and can cause users or hosting systems to underestimate the skill's actual data exfiltration surface, especially because the data involved is ambient microphone audio.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill markets itself as privacy-preserving and LAN-only, but the described behavior includes live microphone capture, network transmission of audio, and downstream automation actions beyond simple classification. That gap is dangerous because users may consent to a passive local classifier without realizing they are enabling active ambient surveillance and potentially sensitive automations triggered by inferred events.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is presented as a privacy-focused acoustic perception client, but it also emits cross-domain automation suggestions that can drive other sensors or security actions. This expands the capability boundary beyond passive classification and can enable unintended surveillance or actuation chains based on a 3-second audio inference result.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code contains logic to suggest triggering cameras, radar, lighting, and security responses, which is not necessary for simple acoustic analysis. In a home environment, this broadens operational scope and increases the risk of privacy intrusion or unsafe automation from misclassification or abuse.

Intent-Code Divergence

Low
Confidence
72% confidence
Finding
The code claims strict ephemeral privacy and complete audio disposal, but on the silence path the recorded audio buffer is not explicitly cleared before returning. This is a weaker issue than direct exfiltration, but it makes the privacy guarantees inaccurate and leaves sensitive audio in process memory longer than advertised.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions indicate that the skill records ambient audio and sends a short slice over the network, but the user-facing description does not prominently warn about this surveillance-sensitive behavior. Insufficient disclosure undermines informed consent and can lead to covert collection or transmission of nearby conversations and environmental sounds.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill records microphone input and may transmit it to an edge service after only a CLI consent flag, without a clear runtime warning at the moment audio capture/transmission occurs. Given the privacy-sensitive nature of ambient audio, this can lead to users or operators underestimating that live audio is being captured and sent over the network.

VirusTotal

66/66 vendors flagged this skill as clean.
