ClawHub

Discord Local STT/TTS Installer (macOS)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed macOS installer for an OpenClaw Discord STT/TTS plugin, with notable but purpose-aligned supply-chain risk from downloading and optionally building upstream code.

Install only if you trust the `vilmire/discord-local-stt-tts` GitHub project and are comfortable running build scripts from its current release and dependencies. For stronger control, review the upstream release and package scripts first, or run the dependency/build steps manually in a controlled environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs users to run a shell installer and explicitly performs network download, file installation, backup, and optional build steps, yet the skill declares no permissions. This creates a transparency and trust problem: users and any enforcement system are not informed that the skill can execute shell commands and modify files under the user's home directory, increasing the chance of unexpected or unsafe code execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer downloads an unpinned GitHub release zipball, copies it into the install directory, and then automatically runs `pnpm i` and `pnpm -s build` inside that downloaded content. This can execute arbitrary lifecycle/build scripts from the remote package without any integrity verification, pinning, or user confirmation, turning a compromised repo/release or supply-chain dependency into immediate code execution on the user's machine.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal