
Security audit

Voice-to-Protocol Transcriber

Security checks across malware telemetry and agentic risk

Overview

This skill appears non-malicious, but it needs review: its advertised voice-transcription behavior does not match the shipped code, and its handling of potentially sensitive lab records is under-scoped.

Review before installing. Treat generated protocol files as potentially sensitive records, write them only to a controlled output directory, keep path separators and other special characters out of experiment names, and do not rely on the advertised voice transcription until the implementation and the network and privacy disclosures are corrected.
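One way to apply the output-directory and experiment-name advice above, as an added example that is not the skill's own code: experiment names are reduced to a single safe path component, the result is verified to sit directly inside the chosen root, and records are created owner-only without silently overwriting earlier ones. The allowed character set, the `.md` extension and the file modes are assumptions.

```python
"""Confine generated protocol files to one controlled directory.

Added example for this audit, not the skill's own code. The allowed
character set, the .md extension and the file modes are assumptions.
"""
import os
import re
from pathlib import Path

# Assumption: a cleaned experiment name may only contain these characters.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def sanitize_experiment_name(name: str, max_len: int = 64) -> str:
    """Reduce a user-supplied experiment name to a single safe path component.

    Path separators, whitespace and shell metacharacters collapse to '_';
    leading/trailing dots and underscores are dropped so '..' fragments and
    hidden-file names cannot survive.
    """
    cleaned = _UNSAFE.sub("_", name.strip()).strip("._")
    if not cleaned:
        raise ValueError("experiment name contains no usable characters")
    return cleaned[:max_len]


def protocol_path(output_root, experiment_name: str) -> Path:
    """Return <output_root>/<safe name>.md, verified to sit directly in output_root."""
    root = Path(output_root).resolve()
    candidate = (root / f"{sanitize_experiment_name(experiment_name)}.md").resolve()
    # Defence in depth: sanitisation already yields one component, but fail
    # closed if anything ever slips past it (symlinked roots included).
    if candidate.parent != root:
        raise ValueError(f"refusing to write outside {root}: {candidate}")
    return candidate


def write_protocol(output_root, experiment_name: str, text: str) -> Path:
    """Write a protocol record as a new, owner-only file; never overwrite silently."""
    target = protocol_path(output_root, experiment_name)
    target.parent.mkdir(parents=True, exist_ok=True, mode=0o700)
    # O_EXCL refuses to clobber an existing record; 0o600 keeps it owner-readable only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    return target


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "protocols"
        # Constructed inputs: an ordinary name, a traversal attempt, a hidden-file name.
        for raw in ("PCR run 3 (2024)", "../../etc/passwd", "  .hidden  "):
            print(repr(raw), "->", write_protocol(root, raw, "constructed sample text\n"))
```

The traversal attempt `../../etc/passwd` becomes `etc_passwd.md` inside the root rather than escaping it, and a name with nothing usable left after cleaning (for example `...`) is rejected outright instead of producing an empty or dot-only filename.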

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents file read/write behavior and local config loading, but it does not declare permissions accordingly. Undeclared capabilities reduce transparency and can bypass user or platform expectations about what the skill can access, especially when saving into user directories. In a lab context, this raises the risk of silently handling sensitive experimental records without explicit consent boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior does not match the claimed purpose: it implies real-time voice transcription, but the implementation evidence indicates local file operations, config loading, and text-based interaction rather than actual microphone capture/transcription. This kind of mismatch is dangerous because users may grant trust, data, or permissions based on false assumptions, and reviewers may underestimate privacy and operational risks. In a laboratory setting, misleading behavior around experiment logging can also affect record integrity and compliance expectations.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The risk section claims there are no external API calls, yet the documented speech-recognition dependency commonly relies on network-backed services in practice. Misstating network behavior is a security issue because users may expose sensitive spoken lab or clinical data to third parties without informed consent. This is more serious in experimental and clinical environments, where captured audio or transcriptions may contain confidential information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description omits a clear warning that it may capture microphone input and store sensitive experimental or clinical data. This lack of notice undermines informed consent and can lead users to record confidential information without understanding retention, exposure, or sharing risks. The wet-lab and clinical framing makes this more dangerous because the data may include proprietary research or regulated information.
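A check for the four mismatches reported above (file access used but never declared, transcription advertised but absent from the code, a no-external-API claim alongside a speech-recognition dependency, and sensitive capabilities with no user warning), written as an added example rather than SkillSpector's or the skill's own code. The manifest keys, the module-to-capability table and the sample skill source are constructed for illustration; the audited skill's real files are not reproduced here.

```python
"""Compare a skill's declared and advertised capabilities with what its code does.

Added example for this audit, not SkillSpector's or the skill's code. The
manifest keys, the module-to-capability table and the sample skill are
constructed for illustration.
"""
from __future__ import annotations
import ast

# Assumed mapping from imported top-level modules to coarse capabilities.
MODULE_CAPS = {
    "requests": "network", "urllib": "network", "http": "network", "socket": "network",
    "speech_recognition": "microphone", "sounddevice": "microphone", "pyaudio": "microphone",
}
# Assumed: these dependencies' default recognisers send audio to hosted services.
NETWORK_BACKED_DEPS = {"speechrecognition"}


def _norm(name: str) -> str:
    """Normalise 'SpeechRecognition' / 'speech_recognition' to one key."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


class CapabilityVisitor(ast.NodeVisitor):
    """Collect capability evidence (imports, open(), pathlib, os.environ) from an AST."""

    def __init__(self) -> None:
        self.used = set()

    def _module(self, dotted: str) -> None:
        top = dotted.split(".")[0]
        if top in MODULE_CAPS:
            self.used.add(MODULE_CAPS[top])
        if _norm(top) in NETWORK_BACKED_DEPS:
            self.used.add("network")

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:
            self._module(alias.name)
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module:
            self._module(node.module)
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        # Built-in open(): the mode string decides read versus write.
        if isinstance(node.func, ast.Name) and node.func.id == "open":
            mode = "r"
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = str(node.args[1].value)
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = str(kw.value.value)
            self.used.add("file_write" if any(c in mode for c in "wax+") else "file_read")
        self.generic_visit(node)

    def visit_Attribute(self, node: ast.Attribute) -> None:
        if node.attr in ("write_text", "write_bytes"):
            self.used.add("file_write")
        elif node.attr in ("read_text", "read_bytes"):
            self.used.add("file_read")
        elif isinstance(node.value, ast.Name) and node.value.id == "os" and node.attr in ("environ", "getenv"):
            self.used.add("env")
        self.generic_visit(node)


def detect_capabilities(source: str) -> set:
    visitor = CapabilityVisitor()
    visitor.visit(ast.parse(source))
    return visitor.used


def audit(manifest: dict, source: str) -> dict:
    """Report least-privilege gaps, intent/code divergence, unverified claims, missing warnings."""
    used = detect_capabilities(source)
    declared = set(manifest.get("permissions", []))
    advertised = set(manifest.get("advertised_capabilities", []))
    warned = set(manifest.get("user_warnings", []))
    claims_to_verify = []
    if manifest.get("claims", {}).get("no_external_api_calls"):
        for dep in manifest.get("dependencies", []):
            if _norm(dep) in NETWORK_BACKED_DEPS:
                claims_to_verify.append(f"no_external_api_calls: dependency '{dep}' may call remote services")
        if "network" in used:
            claims_to_verify.append("no_external_api_calls: source imports a networking module")
    sensitive = (used | advertised) & {"microphone", "file_write", "network"}
    return {
        "undeclared": sorted(used - declared),               # used by code, never declared
        "advertised_but_absent": sorted(advertised - used),  # promised, not implemented
        "claims_to_verify": claims_to_verify,
        "missing_warnings": sorted(sensitive - warned),      # sensitive capability, no notice
    }


# Constructed sample resembling the audited skill: advertises transcription,
# declares no permissions, claims no external API calls, lists SpeechRecognition.
SAMPLE_MANIFEST = {
    "name": "Voice-to-Protocol Transcriber",
    "advertised_capabilities": ["microphone"],
    "permissions": [],
    "dependencies": ["SpeechRecognition"],
    "claims": {"no_external_api_calls": True},
    "user_warnings": [],
}
SAMPLE_SOURCE = '''
import json
from pathlib import Path

def load_config():
    with open("config.json") as fh:            # local config loading
        return json.load(fh)

def save_protocol(name, text):
    out = Path(load_config()["output_dir"]) / f"{name}.md"
    with open(out, "w") as fh:                 # protocol written into a user directory
        fh.write(text)

def run():
    save_protocol("exp1", input("Dictate: "))  # text prompt, no microphone capture
'''

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST, SAMPLE_SOURCE).items():
        print(f"{key}: {value}")
```

On the constructed sample the report lists `file_read` and `file_write` as undeclared, `microphone` as advertised but absent, the no-external-API claim as needing verification because of the SpeechRecognition dependency, and `file_write` and `microphone` as lacking a user warning. The detection is deliberately coarse (import- and call-level only, Python only), which is enough to surface a divergence between documentation and code for a human reviewer but is not a substitute for reading the implementation.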

VirusTotal

0/60 vendors flagged this skill; all 60 reported it clean. A clean VirusTotal result covers known-malware signatures only and does not address the capability and disclosure mismatches in the findings above.


Static analysis

No suspicious patterns detected.