ClawHub

Podcast Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: downloads Xiaoyuzhou podcast audio and show notes, converts audio to MP3, and saves the results locally, with some privacy and file-retention caveats.

Install only if you are comfortable with podcast files and show notes being saved to the configured output folder, which defaults to a Baidu-synced path. Set PODCAST_DIR to a non-synced folder for more private local storage, and set KEEP_M4A=true if you want to retain the original audio file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises shell-based behavior but does not declare permissions, which reduces transparency and prevents informed consent around command execution, network access, and file writes. In this context the skill downloads remote content, invokes local tools, and writes into a user directory, so undeclared capabilities materially increase security and privacy risk.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The activation description is broad enough to trigger on common requests involving podcasts, saving audio, or extracting text, which can cause the agent to invoke a file-writing, network-downloading shell workflow unexpectedly. Because this skill downloads media and persists content locally, overbroad routing increases the chance of unintended execution and surprise side effects.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill omits a prominent warning that files are written to a cloud-synced directory and that original audio is deleted by default after conversion. That combination can unintentionally expose downloaded content to syncing services and cause irreversible data loss if users expected only temporary local processing or wanted to retain the source file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal