Back to skill

Security audit

Gipformer ASR

Security checks across malware telemetry and agentic risk

Overview

This is a local Vietnamese speech-to-text skill whose sensitive audio handling is expected for its purpose, with privacy precautions needed when choosing where to run the server.

Install in a virtual environment, review the Python dependencies and Hugging Face model source, and keep the server bound to 127.0.0.1 for private use. Only use a remote server URL or bind to 0.0.0.0 if you trust and secure that environment, because audio recordings and transcripts may contain private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities to install dependencies, start a local server, download models, invoke shell commands, and potentially write output files, yet no permissions are declared. This creates a transparency and governance gap: users or orchestrators may authorize the skill without realizing it uses network, shell, and file-write behaviors.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation text includes generic phrases like 'transcribe this audio' that could match ordinary user requests broadly, causing the skill to activate when the user did not specifically intend to use this implementation. Overbroad triggering can route sensitive audio into this skill unexpectedly, increasing privacy and consent risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends user audio as base64 in an HTTP request to a transcription server but does not clearly warn the user about this transmission path. Even though the endpoint is localhost, audio leaves the immediate agent context and is exposed to another service process, which has privacy implications and should be disclosed.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script base64-encodes the full audio file and sends it to a server endpoint, but it does not provide any explicit warning, confirmation, or privacy notice to the user at the point of transfer. Because audio may contain sensitive personal or confidential information, silent transmission to a configurable server can create unintended data exposure, especially if the server is remote or operated by a third party.

External Transmission

Medium
Category
Data Exfiltration
Content
with open(file_path, "rb") as f:
        audio_b64 = base64.b64encode(f.read()).decode("ascii")

    resp = requests.post(
        f"{server_url}/transcribe",
        json={"audio_b64": audio_b64},
        timeout=600,
Confidence
80% confidence
Finding
requests.post( f"{server_url}/transcribe", json=

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.