
Security audit

minimax_ttsvoicereponse_feishu

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Feishu voice-reply helper, with privacy and trigger-scope cautions but no hidden or destructive behavior found.

Install only if you are comfortable sending the voice-reply text to MiniMax and then sharing the generated audio through Feishu. Prefer explicit triggers like /voice or 语音回复:, avoid sensitive or regulated content, use an environment variable for the API key when possible, and protect any local config.txt file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases include very broad everyday expressions, such as direct mentions of speaking or voice reply, which can cause accidental activation when a user is not intentionally invoking the skill. In this skill, unintended triggering is more concerning because activation causes user text to be sent to an external TTS provider and then sends a Feishu voice message, creating both privacy and messaging side effects.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description explains the technical flow but does not clearly warn users that their text will be transmitted to the external MiniMax TTS API and that the resulting audio will be sent as a Feishu message. This lack of disclosure can lead to users unintentionally sharing sensitive content with a third party and broadcasting it into chat.

Missing User Warnings

Low
Confidence: 90%
Finding
The README instructs users to place an API key in a local config file but does not warn about file-permission hygiene, accidental commits, or plaintext secret storage risks. In an agent/skill ecosystem where workspaces may be synced, shared, or inspected by other tooling, this can increase the chance of credential leakage even though the documentation itself is not directly exploitable code.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script transmits arbitrary user-provided text to an external TTS provider without any explicit warning, consent step, or privacy notice at runtime. If users provide sensitive content, they may unknowingly disclose personal, confidential, or regulated data to a third party.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.