有声读物生成助手 (Audiobook Generation Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it promises, but it automatically installs an unpinned Python dependency at runtime, so it should be reviewed before installation.

Review before installing. Prefer running it in a virtual environment and preinstalling a pinned requests dependency, or ask the maintainer to remove runtime pip installation. Use a scoped SenseAudio API key and only synthesize stories you are comfortable sending to SenseAudio and saving in local output files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content (excerpt; the enclosing function header and try block are not in the scanner's quote and are reconstructed here so the excerpt reads as runnable code)
import subprocess, sys
def ensure_package(module_name, pip_name):
    try:
        __import__(module_name)
    except ImportError:
        # Message reads: "Missing {pip_name}, installing automatically..."
        print(f"缺少 {pip_name},正在自动安装...", file=sys.stderr)
    # Note: as quoted, the pip invocation sits outside the except block, so it runs on every call.
    result = subprocess.run(
        [sys.executable, "-m", "pip", "install", pip_name],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        text=True,
    )
Confidence
95% confidence
Finding
result = subprocess.run( [sys.executable, "-m", "pip", "install", pip_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, )

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Auto-installing Python packages during execution is a supply-chain and code-execution risk that is not necessary for the core story-to-audio function. The skill context makes this more dangerous because users expect content transformation, not environment mutation and code retrieval from external package sources at runtime.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill sends user-provided story text to a remote TTS API, but the code does not provide an explicit user-facing consent or warning at the point of transmission. In this context, users may submit unpublished stories, scripts, or sensitive dialogue, so undisclosed network transfer creates a real confidentiality and compliance risk even if the remote API is expected for TTS.
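The following is an added example (not code from the skill, from SkillSpector, or from the Overview's recommendations) showing how the two findings above and the Overview's advice could be addressed in the skill's own Python: a dependency check that never invokes pip and insists on an exact pin, and a consent gate that describes an outbound transfer before any story text leaves the machine. The pin "requests==2.32.3" and the endpoint URL are hypothetical; the page names requests but gives no version and does not show the SenseAudio URL. The demo at the bottom sends nothing; it only shows where the real request would go after the gate.

```python
"""Hardened replacement for a runtime pip-install plus an explicit consent gate.

Added example, not the skill's code. The pin and endpoint below are assumptions.
"""
import hashlib
import importlib
import importlib.metadata
import sys
from typing import Callable, Dict, Tuple


class DependencyError(RuntimeError):
    """Raised instead of mutating the environment when a dependency is wrong."""


class ConsentDenied(RuntimeError):
    """Raised when the user has not explicitly approved an outbound transfer."""


def parse_pin(pip_pin: str) -> Tuple[str, str]:
    """Accept only an exact '==' pin; reject bare names, ranges, extras and markers."""
    name, sep, version = pip_pin.partition("==")
    if (sep != "==" or not name or not version or "==" in version
            or any(ch in pip_pin for ch in "<>~!;[ ")):
        raise DependencyError(f"Dependency must be an exact pin like 'pkg==1.2.3', got {pip_pin!r}")
    return name, version


def require_dependency(module_name: str, pip_pin: str,
                       version_lookup: Callable[[str], str] = importlib.metadata.version):
    """Import module_name and verify the installed distribution matches pip_pin.

    Never calls pip. On any problem it raises with the exact command the user can
    run themselves, so the environment only changes through an explicit action.
    version_lookup is injectable so the check can be exercised without installing anything.
    """
    dist_name, wanted = parse_pin(pip_pin)
    install_hint = f"{sys.executable} -m pip install '{pip_pin}'"
    try:
        module = importlib.import_module(module_name)
    except ImportError as exc:
        raise DependencyError(f"Missing {dist_name}. Install it first:\n  {install_hint}") from exc
    try:
        installed = version_lookup(dist_name)
    except importlib.metadata.PackageNotFoundError as exc:
        raise DependencyError(f"{module_name} imported but no metadata for {dist_name!r}; "
                              f"refusing to trust an unverifiable install.\n  {install_hint}") from exc
    if installed != wanted:
        raise DependencyError(f"{dist_name} {installed} installed but {wanted} is pinned.\n  {install_hint}")
    return module


def describe_outbound(text: str, endpoint: str) -> Dict[str, object]:
    """What the user is asked to approve: destination, size and a digest.

    The story text itself is deliberately left out so the notice can be logged
    without leaking the content it protects.
    """
    data = text.encode("utf-8")
    return {"endpoint": endpoint, "chars": len(text), "bytes": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}


def confirm_transmission(text: str, endpoint: str,
                         consent: Callable[[Dict[str, object]], bool]) -> Dict[str, object]:
    """Gate an outbound request on explicit consent.

    consent() receives the notice and must return the literal True. Anything else
    (False, None, a "yes" string, a truthy default) counts as refusal, so a
    non-interactive run cannot silently fall through to "send".
    """
    notice = describe_outbound(text, endpoint)
    if consent(notice) is not True:
        raise ConsentDenied(f"Not sending {notice['bytes']} bytes to {endpoint}: no explicit consent")
    return notice


def interactive_consent(notice: Dict[str, object]) -> bool:
    """Console prompt; only the exact answer 'yes' counts as consent."""
    print(f"About to send {notice['chars']} characters ({notice['bytes']} bytes, "
          f"sha256 {str(notice['sha256'])[:16]}...) to {notice['endpoint']}", file=sys.stderr)
    return input("Type 'yes' to continue: ").strip() == "yes"


if __name__ == "__main__":
    # Constructed story and hypothetical endpoint; nothing is actually transmitted here.
    STORY = "Once upon a time, an unpublished draft was sent nowhere without asking."
    ENDPOINT = "https://tts.example.invalid/v1/synthesize"  # hypothetical, not SenseAudio's URL
    try:
        requests = require_dependency("requests", "requests==2.32.3")  # hypothetical pin
    except DependencyError as err:
        print(err, file=sys.stderr)
        sys.exit(1)
    approved = confirm_transmission(STORY, ENDPOINT, interactive_consent)
    # The real requests.post(ENDPOINT, ...) call belongs here, after the gate.
    print("approved:", approved)
```

The version check deliberately fails closed when a module imports but carries no distribution metadata, since that is exactly the state a stray runtime install or a vendored copy leaves behind; the install hint it prints is the only way the environment should change.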

VirusTotal

66/66 vendors flagged this skill as clean.
