Security audit

HN Podcast Transcriber

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local podcast transcription skill; the main risks are the expected ones: downloads, disk use, local transcription work, and optional scheduling.

Install only if you want local podcast audio and transcript archives. Use trusted RSS feeds, start custom feeds with --limit, choose a dedicated archive directory, watch disk usage, install Whisper and ffmpeg from trusted sources, and enable cron only if you want ongoing automatic downloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill advertises and relies on network access, shell execution, environment use, and file writes, but does not declare permissions or provide an explicit capability boundary. That mismatch can cause an orchestrator or user to invoke a skill without understanding that it will download external content and persist files, increasing the chance of unsafe execution or policy bypass.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger text is overly broad because it extends beyond the named Hacker News use case to 'any podcast RSS feed transcription workflow.' Broad routing language can cause the skill to be selected for arbitrary untrusted feeds, expanding the attack surface for malicious URLs, oversized downloads, unexpected media formats, and unsafe automation in contexts the user did not specifically request.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill documentation tells the user how to run the pipeline but does not clearly warn that execution downloads external audio and writes archives/transcripts to disk. This missing disclosure can lead to surprising network activity, storage consumption, and persistence of potentially sensitive or copyrighted content without informed user consent.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (flagged text quoted from the skill):

Set up an OpenClaw cron job for daily checks:

1. Create an isolated cron job that runs the script
2. Or add a heartbeat check in HEARTBEAT.md

## Archive Structure

See [references/archive-layout.md](references/archive-layout.md) for directory layou

Confidence: 89%
Finding: The flagged text is the scheduling instruction quoted above (an isolated cron job, or a heartbeat check in HEARTBEAT.md), which would give the skill ongoing, unattended execution.

VirusTotal

64/64 vendors flagged this skill as clean.
