Upload audio to AIOZ Stream

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward audio uploader that sends a chosen file and user-provided API keys to the disclosed AIOZ/W3Stream API.

Install only if you intend to upload audio to the disclosed AIOZ/W3Stream endpoint. Treat the stream-secret-key as sensitive, prefer scoped or revocable keys, avoid putting secrets in logs or shared transcripts, and confirm the exact audio file and account before running the upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill requires shell execution (`curl`, `jq`, `md5sum`) but does not declare corresponding permissions, creating a capability/permission mismatch. That increases the chance the skill will run commands and handle local files or network data without clear user-facing authorization boundaries.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script is presented as creating audio resources, but it actually sends authenticated requests to a video-creation endpoint. This mismatch can cause users to unknowingly create the wrong resource type with their credentials, violating user expectations and enabling unintended external actions under the user's account.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The comments explicitly say the script creates audio with custom configuration, but the implementation targets a video API. Misleading documentation around an authenticated API call is security-relevant because it can trick operators into approving or running behavior they did not intend.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script is presented as retrieving audio details, but it queries a /api/videos/{id} endpoint instead. In a credentialed utility, this kind of resource/type mismatch is dangerous because it can cause users or higher-level agents to send valid API credentials to the wrong object namespace, potentially exposing or manipulating unintended media resources and returning incorrect links.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The comments claim the script gets audio details, but the implementation calls a videos API endpoint. This inconsistency can mislead users and automation into handling the script as audio-safe while it actually operates on a different resource class, increasing the chance of accidental data disclosure or misuse.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs collecting both the public key and the secret key, then sending them on all API calls, but provides no warning about credential sensitivity, storage, redaction, or safe handling. This is dangerous because secret keys are high-value credentials that could be exposed in chat history, logs, debugging output, or mishandled by downstream tooling.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly instructs users to send both a public key and a secret API key in request headers, but provides no warning about treating the secret key as highly sensitive, keeping it server-side, or avoiding exposure in client-side code, logs, or shared skill outputs. In an agent skill context that performs uploads and returns links, this omission can easily lead implementers to embed long-lived secrets directly into the skill configuration or runtime flow, increasing the risk of credential leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends both a public key and a secret key to an external API endpoint with no warning, confirmation, or disclosure to the user that sensitive credentials will be transmitted off-host. In this skill's context, remote transmission is expected for the API to function, but the lack of explicit disclosure and safe handling guidance still creates a real credential-exposure risk if users do not understand where their secret is being sent or run the script against an untrusted endpoint.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends both user-supplied audio content and API credentials to a third-party remote service, but provides no explicit warning, confirmation, or privacy/security notice before transmission. In an agent skill context, this is more dangerous because users may invoke the skill expecting local processing and may not realize sensitive media or secrets are being transmitted off-host.

External Transmission

Medium
Category
Data Exfiltration
Content
exit 1
fi

curl -s -X POST 'https://api-w3stream.attoaioz.cyou/api/videos/create' \
  -H "stream-public-key: $PUBLIC_KEY" \
  -H "stream-secret-key: $SECRET_KEY" \
  -H 'Content-Type: application/json' \
Confidence
93% confidence
Finding
curl -s -X POST 'https://api-w3stream.attoaioz.cyou/api/videos/create' \ -H "stream-public-key: $PUBLIC_KEY" \ -H "stream-secret-key: $SECRET_KEY" \ -H 'Content-Type: application/json' \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Step 1: Create audio object
echo "Creating audio object..."
CREATE_RESPONSE=$(curl -s -X POST 'https://api-w3stream.attoaioz.cyou/api/videos/create' \
  -H "stream-public-key: $PUBLIC_KEY" \
  -H "stream-secret-key: $SECRET_KEY" \
  -H 'Content-Type: application/json' \
Confidence
91% confidence
Finding
curl -s -X POST 'https://api-w3stream.attoaioz.cyou/api/videos/create' \ -H "stream-public-key: $PUBLIC_KEY" \ -H "stream-secret-key: $SECRET_KEY" \ -H 'Content-Type: application/json' \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
