Byted Podcast Gen

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for podcast generation, but it under-discloses credential provisioning, credential persistence, and external processing of user-provided content.

Install only if you are comfortable with podcast inputs, webpage URLs, and generated audio being handled by the Bytedance/Volcengine speech service. Use a dedicated low-privilege API key, check or remove scripts/.env after use, and avoid confidential or regulated documents unless the provider and retention expectations are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The function automatically lists or creates speech API keys and then caches them for future use. For a podcast-generation skill, obtaining a speech service credential may be functionally related, but provisioning and persisting credentials inside the skill expands capability beyond transient use and creates a secret-management risk if the local environment or repo is later exposed.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
This code writes sensitive values into a local .env file, creating persistent secret storage on disk. Even with an attempted chmod to 0600, secrets may be exposed through backups, logs, packaging, accidental commits, or environments that ignore POSIX permissions.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger condition uses broad wording like '等相关关键词' ("and other related keywords"), which can cause the skill to activate for loosely related requests rather than clear podcast-generation intent. Over-broad activation increases the chance that the agent performs network access, file handling, or shell execution in contexts the user did not specifically intend.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly supports fetching webpage and downloadable file URLs, validating returned download links, and saving generated audio locally, but it provides no warning or restriction around external network access, untrusted content retrieval, or local file writes. In this context, user-controlled URLs can expose the agent to SSRF-like requests, access to internal resources, or unsafe handling of remote content and downloaded artifacts.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions tell the agent to ask the user for an API key and set it in an environment variable, but they do not warn that this is sensitive credential material that must not be echoed, logged, or persisted insecurely. In an agent setting, this can lead to accidental secret disclosure in chat transcripts, command history, logs, or shared runtime environments.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill silently stores a newly discovered or created API key in the process environment and then in .env without any user-facing disclosure or consent. Hidden persistence of credentials is risky because users may not realize the skill modified local secret state or left long-lived credentials behind.

Missing User Warnings

Medium
Confidence: 90%
Finding
The code sends credential-bearing requests using the ARK bearer token to list or create API keys without any visible disclosure to the user. While this may support speech synthesis setup, silent outbound secret-related operations increase the risk of unexpected account changes, billing impact, and unauthorized credential lifecycle actions.

VirusTotal

VirusTotal findings are pending for this skill version.
