ClawHub

Voice Message

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: create voice-message audio and send it through chat-platform APIs, with some privacy and token-handling cautions.

Install only if you are comfortable sending the voice text to an external TTS service and uploading generated audio to Feishu or other chat platforms. Use short-lived Feishu tokens where possible, avoid pasting long-lived tokens into shared transcripts or shell history, and inspect the shell scripts before running them in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The instructions tell users to provide a Feishu tenant_access_token and upload generated audio to an external service without an explicit warning about credential sensitivity, token handling, or data transmission. In an agent setting, this increases the chance that operators paste live tokens into logs, prompts, shell history, or unsafe environments, leading to credential leakage or unintended external sharing of message content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends arbitrary input text to `edge-tts`, which relies on an external network service, but it does not warn the caller that message contents may leave the local environment. In a messaging skill, that text may contain sensitive user content, so silent transmission to a third party creates a real privacy and data-handling risk even if the implementation is otherwise straightforward.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal