K8s Self Hosted Whisper Api

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it needs review because a crafted prompt can execute local Python code and audio is sent to an unauthenticated HTTP Whisper service.

Install only if you trust the Kubernetes Whisper service and the network it runs on. Avoid sensitive audio unless plain HTTP/no-auth transmission is acceptable, and patch or avoid the --prompt option before using untrusted prompt text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes shell tooling and makes network requests but does not declare corresponding permissions, which weakens platform trust boundaries and informed consent. In practice, this can let a user or reviewer underestimate what the skill can do, especially since it sends user-provided audio to an internal HTTP service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends audio content to a remote service over plain HTTP, yet the description does not clearly warn users that their audio leaves the local context for network processing. This creates a meaningful privacy and integrity risk because audio may contain sensitive data and HTTP provides no transport encryption.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger scope is broad enough to match many common transcription or subtitle requests without clearly stating limits, which increases the chance of accidental invocation. That matters here because invocation causes data to be sent to an unauthenticated internal ASR service, so overbroad matching can expose user audio more often than intended.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script uploads the full audio file to an internal service over plain HTTP, which provides no transport encryption or peer authentication. Even inside a Kubernetes cluster, this can expose sensitive speech content and derived transcripts to interception, traffic capture, misrouting, or abuse by a compromised pod, node, sidecar, or network component; the skill context increases risk because transcription inputs commonly contain private conversations, credentials, or regulated data.

VirusTotal

63/63 vendors flagged this skill as clean.