AssemblyAI advanced speech transcription

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches an AssemblyAI transcription workflow, but it includes an immediate remote transcript deletion command that is only lightly disclosed and lacks a confirmation safeguard.

Review this skill before installing if agents may run commands autonomously. Use a scoped AssemblyAI API key where possible, only process media and transcripts you are allowed to send to AssemblyAI, avoid untrusted base URL overrides, and do not allow the `delete` command unless you intentionally want agents to be able to remove remote transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script exposes a `delete <transcript_id>` command that performs irreversible remote deletion of transcripts, but the skill metadata/description only presents transcription and processing features. This capability expansion is security-relevant because agents or users may invoke the skill under incomplete assumptions, increasing the chance of unintended destructive actions against remote data.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Remote deletion is not necessary for the core stated purpose of transcribing and formatting audio, yet the script can delete server-side transcripts with only an ID and API key. In an agent setting, unnecessary destructive capability broadens the blast radius of prompt mistakes, malicious user requests, or confused tool selection.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explicitly states that transcript text is sent to an external LLM Gateway service, but it does not clearly warn users that potentially sensitive audio-derived content will leave the local workflow and be processed by a third-party endpoint. In a transcription skill, transcripts often contain PII, confidential business discussions, or regulated data, so omitting an explicit privacy/data-transfer warning can lead to unintended exposure and noncompliant use.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow recipes instruct an agent to send local audio files, URLs, transcripts, translations, and LLM prompts/schemas to AssemblyAI services, but they do not warn that potentially sensitive voice and transcript data will leave the local environment. In an agent setting, this omission can cause users or downstream automation to process regulated, confidential, or personal data without informed consent or appropriate safeguards.

Missing User Warnings

Medium
Confidence: 93%
Finding
The `delete` command executes immediately once called, with no confirmation prompt, no `--force/--confirm` safeguard, and no warning that the action is destructive. In automated or agent-driven workflows, this makes accidental deletion materially more likely because a mistaken command or transcript ID cannot be recovered by the script.

VirusTotal

64/64 vendors flagged this skill as clean.