Local Whisper

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local speech-to-text setup tool, but users should understand that it downloads, builds, and installs external components and changes OpenClaw audio configuration.

Install only if you are comfortable downloading and compiling whisper.cpp, downloading speech models, and letting the skill update OpenClaw audio settings. Review the scripts first, run the installation from a trusted network, and consider pinning a known whisper.cpp release or verifying the sources of downloaded models before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The skill description understates impactful behavior by presenting the skill as a local STT setup while omitting that installation scripts may automatically modify OpenClaw configuration, restart the gateway, and download user-specified model artifacts. That mismatch is dangerous because operators may consent to a seemingly narrow feature install without realizing it changes runtime behavior and fetches external content, increasing the risk of unwanted configuration drift or supply-chain exposure.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script clones code directly from GitHub, builds it, and installs executables and shared libraries into the user's home directory without any confirmation, pinning, signature verification, or integrity check. That creates a real supply-chain risk: if the upstream repository or transport path is compromised, the user will build and run attacker-controlled code locally.

VirusTotal

65/65 vendors flagged this skill as clean.