ClawHub

Podcast Automation

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: downloads and transcribes podcasts, optionally controls Sonos playback, and can upload chosen transcripts to Feishu Wiki.

Install only if you want the agent to download podcast audio, run local transcription, control named Sonos speakers, and upload selected transcript text to Feishu Wiki. Review transcript contents and destination space before archiving, use least-privilege Feishu app credentials, and consider pinning external tool versions for reproducible installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes shell commands (`curl`, `python3`, `whisper`, `sonos`, `bash`) but does not declare corresponding permissions or clearly scope those capabilities. This creates a transparency and policy gap: users and the platform may not realize the skill can download remote content, access local files, control devices, and send data to external services.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes uploading transcript content to Feishu Wiki without warning that potentially sensitive audio-derived text will be transmitted to a third-party service. If users process private meetings, personal content, or copyrighted material, this can cause unintended data disclosure and compliance issues.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill includes commands that control Sonos speakers, affecting external devices on the user's network, without an explicit confirmation requirement. This can cause unintended playback, privacy disturbance, or misuse in shared environments if executed automatically.

External Transmission

Medium
Category
Data Exfiltration
Content
enc = root.find('.//item/enclosure')
print(enc.get('url') if enc is not None else '')
")
curl -L -o /tmp/podcast.mp3 "$AUDIO_URL"
```

### 1.3 yt-dlp(支持 YouTube / Spotify 等平台)
Confidence
81% confidence
Finding
curl -L -o /tmp/podcast.mp3 "$AUDIO_URL" ``` ### 1.3 yt-dlp(支持 YouTube / Spotify 等平台) ```bash yt-dlp -x --audio-format mp3 -o "/tmp/podcast.%(ext)s" "https://www.youtube.com/watch?v=XXX" ``` ## 二、本

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
SPACE_ID="your_space_id"
RESULT=$(curl -s -X POST \
  "https://open.feishu.cn/open-apis/wiki/v2/spaces/$SPACE_ID/nodes" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
Confidence
95% confidence
Finding
curl -s -X POST \ "https://open.feishu.cn/open-apis/wiki/v2/spaces/$SPACE_ID/nodes" \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
TRANSCRIPT=$(cat /tmp/podcast-out/podcast.txt)
curl -s -X POST \
  "https://open.feishu.cn/open-apis/docx/v1/documents/$OBJ_TOKEN/blocks/$OBJ_TOKEN/children" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
Confidence
98% confidence
Finding
curl -s -X POST \ "https://open.feishu.cn/open-apis/docx/v1/documents/$OBJ_TOKEN/blocks/$OBJ_TOKEN/children" \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal