Video Call AI Character

Security checks across malware telemetry and agentic risk

Overview

The skill’s video-call purpose is coherent, but it automatically handles sensitive call transcripts and recordings without clear consent, retention, or sharing controls.

Install only if you are comfortable giving the npm runtime a Runway API key and having call audio/video, transcripts, avatar images, and personality context processed for video calls. Use it with explicit opt-in for calls and recordings, avoid sensitive personal or business details in the avatar personality, prefer localhost over tunneling, stop the server when done, and delete recordings or avatars you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Severity: Medium (91% confidence)
Finding
The privacy section claims no local files are read, which is misleading in context because the workflow later instructs downloading a recording to a local path and sending it onward. Even if the recording is newly created rather than preexisting local data, the documentation understates local file handling and can cause operators to mishandle sensitive media under incorrect assumptions.

Context-Inappropriate Capability

Severity: Medium (94% confidence)
Finding
Downloading and re-sending call recordings introduces persistent handling and redistribution of sensitive audio/video that exceeds the core need to initiate a call. This materially increases exposure of personal data, conversation content, and possibly regulated information if the recording is stored insecurely or forwarded without consent.

Vague Triggers

Severity: Medium (88% confidence)
Finding
The description authorizes agent-initiated calls for broad categories like check-ins or any conversation better face-to-face, which creates a large discretion surface for intrusive contact. In an autonomous agent context, vague invocation criteria can lead to harassment, social engineering opportunities, or repeated unsolicited calls.

Vague Triggers

Severity: Medium (90% confidence)
Finding
The 'When to Call' guidance remains broad and subjective, especially for decision points, complex explanations, and status updates. Without strict constraints or consent checks, the skill encourages overuse of a high-interruption communication channel and can be abused by downstream prompts to pressure users into synchronous interaction.

Missing User Warnings

Severity: High (98% confidence)
Finding
The skill describes initiating calls, collecting transcripts, and producing recordings without a clear requirement to obtain user consent for both contacting and recording. This creates substantial privacy and legal risk, especially in jurisdictions requiring two-party consent or explicit notice before recording communications.

Missing User Warnings

Severity: High (97% confidence)
Finding
The instructions to download and forward the recording omit safeguards for sensitive data handling, retention, and sharing permissions. Because recordings can contain credentials, personal information, or confidential work discussions, automatic redistribution through chat can compound the original privacy exposure.

Ssd 3

Severity: Medium (89% confidence)
Finding
The skill instructs the agent to build and persist a personality using user-specific context and to reuse that context across calls, which encourages unnecessary retention and propagation of personal data. This increases the chance of oversharing, stale sensitive context reuse, and disclosure of information the user did not expect to be embedded into prompts.

Ssd 3

Severity: High (96% confidence)
Finding
Automatically retrieving the full transcript and recording, then proactively sending them back through chat, creates a second distribution channel for sensitive conversation data. That behavior increases leakage risk, broadens retention, and may expose content to other integrations, logs, or compromised messaging endpoints.

VirusTotal

63/63 vendors flagged this skill as clean.