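Intelligent summarization assistant for graduate-student group-meeting recordings. For recordings of discussions with an advisor or of group-meeting presentations, invoking the skill identifies the student's and the advisor's speech separately, summarizes the content with the advisor's remarks as the focus, and, according to the user's instructions, presents the result as either text or audio.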

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for transcribing and summarizing meeting audio, but it sends sensitive audio/text to remote services and saves full intermediate transcripts by default without clear user control.

Review before installing. Use this only if you are comfortable with private audio, transcripts, and summaries being sent to external providers and stored locally as full intermediate files. Prefer explicit opt-in for remote ASR/TTS, a configurable no-transcript-retention mode, and declared pinned dependencies instead of runtime pip installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    except ImportError:
        print(f"缺少 {pip_name},正在自动安装...", file=sys.stderr)

    result = subprocess.run(
        [sys.executable, "-m", "pip", "install", pip_name],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
Confidence
95% confidence
Finding
result = subprocess.run( [sys.executable, "-m", "pip", "install", pip_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, )

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The helper `ensure_python_package` enables on-demand dependency installation via `pip`, which is unrelated to safe transcription logic and expands the attack surface significantly. Even though the package name is hardcoded here, runtime installation still permits supply-chain compromise, unexpected network access, and execution of package install hooks in the runtime environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The transcription function uploads local meeting audio to a remote third-party API, but the CLI does not present a clear user-facing consent or privacy warning before transmitting potentially sensitive academic discussions. These recordings may contain unpublished research, advisor feedback, or personal data, so silent exfiltration to an external service creates a meaningful confidentiality risk even if it is functionally intended.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The TTS path sends summary text to a remote API without explicit notice or consent, which can leak sensitive meeting summaries, unpublished results, or action items outside the local environment. In this skill context, the generated summaries are likely to condense the most sensitive content from advisor-student discussions, making accidental disclosure more harmful than generic text-to-speech use.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill requires saving raw ASR JSON, full transcript text, diarized transcript, and LLM input text by default. For sensitive mentor-student or research discussions, this materially increases exposure of potentially confidential academic content, personal data, unpublished results, and internal feedback beyond the minimum needed to produce a summary.

Ssd 3

Medium
Confidence
96% confidence
Finding
The delivery instructions explicitly tell the agent to provide raw transcript file paths alongside the summary. That encourages disclosure of complete conversation contents even when the user may have requested only a concise memo or audio summary, creating a natural path for oversharing sensitive research, academic evaluation, or personal discussion data.

VirusTotal

66/66 vendors flagged this skill as clean.