Audio2srtlocal

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated purpose, but the backend it generates serves unauthenticated transcription APIs on interfaces beyond loopback, so they are reachable beyond the documented localhost-only use.

Install only if you are comfortable with a local app that writes a project directory, installs dependencies, downloads several GB of models, and runs web services. Run it on a trusted machine and network, prefer a fresh, empty target directory, and change the backend to bind to localhost only (or otherwise restrict access to it) before using it with private audio.
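As an added example for this page (not code from the skill or from the scan), the check below lists TCP listeners that are reachable from the network rather than only from loopback, which is the quickest way to confirm the backend really is localhost-only after you change its bind address. It parses `ss -ltn` output; the sample output and the port numbers in it are constructed for the example and are not the audio2srt backend's real ports.

```python
import ipaddress
import subprocess
from typing import List, Tuple

# Constructed sample of `ss -ltn` output; it is not captured from a real
# machine and the ports are illustrative, not the backend's actual ports.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:5173       0.0.0.0:*
LISTEN  0       128     0.0.0.0:8000         0.0.0.0:*
LISTEN  0       128     [::]:8000            [::]:*
LISTEN  0       128     [::1]:9090           [::]:*
"""


def split_host_port(local: str) -> Tuple[str, int]:
    """Split ss's Local Address:Port column; handles [v6]:port and *:port."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback_only(host: str) -> bool:
    """True if a socket bound to `host` is reachable only from this machine."""
    if host in ("*", ""):
        return False  # wildcard bind covers every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def exposed_listeners(ss_text: str) -> List[Tuple[str, int]]:
    """Return (host, port) for each LISTEN socket not confined to loopback."""
    exposed = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or something other than a listener
        host, port = split_host_port(fields[3])
        if not is_loopback_only(host):
            exposed.append((host, port))
    return exposed


def live_exposed_listeners() -> List[Tuple[str, int]]:
    """Audit the current host (Linux with iproute2 installed)."""
    result = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True)
    return exposed_listeners(result.stdout)


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"reachable from the network: {host}:{port}")
```

Run `live_exposed_listeners()` after starting the services; every row it returns is a port a peer on the same network can connect to. Note that an IPv6 wildcard bind (`[::]`) exposes the service just as much as `0.0.0.0`, which is why both appear in the sample result.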

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill explicitly instructs the agent to run shell commands (`pip3 install`, `npm install`, `./start.sh`, `kill -9`) and to download models from ModelScope, but it does not declare corresponding shell or network permissions. This creates a transparency and policy-enforcement gap: users and execution frameworks may not realize the skill can modify the system, fetch remote artifacts, and execute scripts.
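One way to surface such a gap before a skill is loaded, as an added example written for this page rather than SkillSpector's own logic: extract the inline commands from the skill's instruction file, map each to the capability it needs, and diff that against what the skill declares. The skill excerpt is constructed (the four shell commands are the ones the finding quotes; the ModelScope fetch is a placeholder), and the `permissions:` front-matter key and the capability names are this example's assumed conventions, not a standard.

```python
import re
from typing import Dict, List, Set

# Constructed excerpt standing in for a skill instruction file. The four shell
# commands are the ones the finding quotes; the model fetch is a placeholder
# and the `permissions:` front-matter key is an assumed convention.
SAMPLE_SKILL = """\
---
name: audio2srt-local
permissions: []
---
1. Run `pip3 install -r requirements.txt` and then `npm install`.
2. Fetch the models with `modelscope download <model-id>` (placeholder).
3. Start the services with `./start.sh`.
4. To stop them: `kill -9 $(cat backend.pid)`.
"""

# Capability implied by the first token of a command. These names are this
# example's own vocabulary, not a standard permission scheme.
CAPABILITY_BY_COMMAND: Dict[str, str] = {
    "pip": "shell:package-install",
    "pip3": "shell:package-install",
    "npm": "shell:package-install",
    "kill": "shell:process-control",
    "curl": "network:download",
    "wget": "network:download",
    "modelscope": "network:download",
}


def declared_permissions(skill_text: str) -> Set[str]:
    """Read the `permissions: [...]` list from the front matter, if any."""
    m = re.search(r"^permissions:\s*\[(.*?)\]", skill_text, re.M)
    if not m:
        return set()
    return {p.strip().strip("'\"") for p in m.group(1).split(",") if p.strip()}


def inline_commands(skill_text: str) -> List[str]:
    """Every `backtick` span: the commands the skill tells the agent to run."""
    return re.findall(r"`([^`\n]+)`", skill_text)


def required_capabilities(skill_text: str) -> Set[str]:
    """Capabilities implied by the commands the instructions contain."""
    caps: Set[str] = set()
    for cmd in inline_commands(skill_text):
        head = cmd.split()[0]
        if head.startswith("./"):
            caps.add("shell:execute-script")  # runs an arbitrary local script
        elif head in CAPABILITY_BY_COMMAND:
            caps.add(CAPABILITY_BY_COMMAND[head])
    return caps


def undeclared_capabilities(skill_text: str) -> Set[str]:
    """Capabilities the instructions need but the front matter never declares."""
    return required_capabilities(skill_text) - declared_permissions(skill_text)


if __name__ == "__main__":
    for cap in sorted(undeclared_capabilities(SAMPLE_SKILL)):
        print(f"used but not declared: {cap}")
```

The point of the diff is policy enforcement: a framework that sees `shell:process-control` in the required set but not in the declaration can refuse to load the skill or ask the user, instead of discovering the `kill -9` at run time.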

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger logic says that if a user only says 'deploy audio2srt' with no existing project, the skill should be selected by default. That broad matching can cause the agent to invoke a skill that writes many files, installs dependencies, downloads multi-GB models, and launches services even when the user's intent was ambiguous or they expected a safer, read-only response.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill mentions its overwrite behavior only inside the procedural steps, not as an upfront warning, even though it states that an existing non-empty target directory may be cleared and rebuilt. Because the skill performs extensive filesystem writes, a user could trigger it without appreciating that choosing overwrite may destroy existing data in the target directory.

Missing User Warnings

Medium
Confidence: 90%
Finding
The file instructs the agent to create directories, write a large set of files into a target directory, and mark a script executable, but it does not require any confirmation, overwrite checks, or user-facing warning before modifying the filesystem. In this skill context, those actions are central to deployment, but the lack of safeguards increases the risk of unintended overwrites or persistence-related changes if TARGET_DIR is mis-set or already contains user data.
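The safeguard the last two findings ask for, as an added example written for this page rather than code from the skill: resolve TARGET_DIR, refuse a few catastrophic targets, refuse a non-empty directory unless the caller explicitly opts into overwrite, and even then move the old contents aside instead of deleting them. The forbidden-root policy (never generate into `/` or the home directory itself) and the `.bak-<timestamp>` naming are assumptions of the example.

```python
import time
from pathlib import Path
from typing import List, Optional, Tuple


class UnsafeTargetError(ValueError):
    """TARGET_DIR points somewhere a generated project must never be written."""


class NonEmptyTargetError(FileExistsError):
    """TARGET_DIR already holds files and the caller did not opt into overwrite."""


def _forbidden_roots() -> List[Path]:
    # Assumed policy for this example: never generate into / or the home
    # directory itself. Extend with whatever your environment must protect.
    roots = [Path("/").resolve()]
    try:
        roots.append(Path.home().resolve())
    except RuntimeError:  # HOME cannot be determined in some sandboxes
        pass
    return roots


def prepare_target_dir(target: str, overwrite: bool = False) -> Tuple[Path, Optional[Path]]:
    """Make TARGET_DIR safe to populate. Returns (target, backup_or_None).

    Existing contents are never deleted: with overwrite=True they are renamed
    aside with a timestamp, so a mis-set TARGET_DIR costs a rename, not data.
    """
    path = Path(target).expanduser().resolve()
    if path in _forbidden_roots():
        raise UnsafeTargetError(f"refusing to use {path} as TARGET_DIR")
    if path.exists() and not path.is_dir():
        raise UnsafeTargetError(f"{path} exists and is not a directory")

    backup: Optional[Path] = None
    if path.is_dir():
        existing = sorted(p.name for p in path.iterdir())
        if existing:
            if not overwrite:
                raise NonEmptyTargetError(
                    f"{path} is not empty ({len(existing)} entries, e.g. {existing[:3]}); "
                    "confirm overwrite explicitly to have it moved aside"
                )
            stamp = time.strftime("%Y%m%d-%H%M%S")
            backup = path.with_name(f"{path.name}.bak-{stamp}")
            n = 1
            while backup.exists():  # same-second re-runs get a distinct name
                backup = path.with_name(f"{path.name}.bak-{stamp}-{n}")
                n += 1
            path.rename(backup)

    path.mkdir(parents=True, exist_ok=True)
    return path, backup


if __name__ == "__main__":
    import sys

    args = [a for a in sys.argv[1:] if a != "--overwrite"]
    target_arg = args[0] if args else "./audio2srt-out"  # default is an assumption
    try:
        ready, moved = prepare_target_dir(target_arg, overwrite="--overwrite" in sys.argv)
    except (UnsafeTargetError, NonEmptyTargetError) as exc:
        sys.exit(f"aborting: {exc}")
    note = f" (previous contents moved to {moved})" if moved else ""
    print(f"ready: {ready}{note}")
```

Calling this once before the first file write gives the user the upfront warning the findings describe: the non-empty case fails closed with a listing of what would be affected, and the overwrite path leaves the old directory recoverable.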

VirusTotal

0/65 vendors flagged this skill; all 65 reported it clean.
