transcript

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but its setup flow gives the agent broad authority to create an external account, handle OTPs and API keys, and persist a secret across future sessions.

Review this before installing. Use it only if you are comfortable sending YouTube video identifiers and related request data to TranscriptAPI and giving the agent access to a TranscriptAPI key. Prefer creating the account and storing the key yourself through an approved secret manager, avoid pasting secrets into normal chat when possible, and remove or rotate the key when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium (94% confidence)
Finding
The skill goes beyond transcript retrieval and instructs the agent to create third-party accounts, handle OTP-based verification, and store long-lived credentials. That expands the privilege and data-handling scope substantially, creating unnecessary risk of secret exposure, unauthorized account creation, and misuse of the agent environment.

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The document tells the agent to inspect the host environment and determine how to persist environment variables across future sessions and non-interactive shells. For a transcript skill, probing platform configuration and altering persistent shell or runtime state is unnecessary and increases the risk of modifying unrelated system behavior or storing secrets in insecure locations.

Vague Triggers

Medium (92% confidence)
Finding
The skill's activation description is very broad and can cause the agent to invoke this skill for many ordinary YouTube-related tasks, including cases where the user did not clearly consent to using an external third-party service. That increases the chance of unnecessary network calls, disclosure of video identifiers and request metadata, and inappropriate tool selection over safer local handling.

Missing User Warnings

Medium (96% confidence)
Finding
The skill documentation instructs use of TranscriptAPI.com and requires sending the YouTube URL or video ID plus request metadata over the internet, but it does not clearly warn users about this third-party data transfer. This can undermine informed consent and privacy expectations, especially in research, enterprise, or sensitive-use contexts where video selections and access patterns may themselves be sensitive.

Missing User Warnings

Medium (88% confidence)
Finding
The guide is centered on obtaining and storing an API key persistently but does not clearly warn the user that a long-lived secret will be retained across sessions. Users may provide credentials without understanding retention, exposure surface, or how the key will be used later by the agent.

Missing User Warnings

Medium (90% confidence)
Finding
The workflow directs the agent to collect the user's email and send it to a third-party registration endpoint without an explicit privacy notice or consent boundary. This creates avoidable privacy risk because personally identifiable information is transmitted to an external service for account creation not strictly necessary to fulfill the immediate task.

Ssd 3

High (97% confidence)
Finding
The skill explicitly asks the user to paste an API key and promises to 'set it up,' then instructs persistent storage so it survives across sessions. Collecting and retaining user secrets inside the agent environment creates a durable compromise target and is especially risky because the skill's stated purpose does not require long-term secret custody.

Ssd 3

High (98% confidence)
Finding
The instructions tell the agent to receive OTPs and API keys from the user, write raw auth responses to temporary files, extract tokens from those files, and then persist the final key in environment state. This is sensitive-authentication handling that materially increases the chance of credential leakage through files, logs, shell history, or later tool access.

VirusTotal

65/65 vendors flagged this skill as clean.
