Back to skill

Security audit

Whisper GPU Audio Transcriber

Security checks across malware telemetry and agentic risk

Overview

This skill coherently runs a local Whisper transcription script to create subtitle files, with ordinary setup and caching risks that users should understand.

Install only if you are comfortable running local Python transcription code, installing Whisper/PyTorch dependencies, downloading a large Whisper model on first use, and creating or overwriting .srt files next to audio files you choose to transcribe.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly states it will save SRT output to disk and therefore has file-write capability, but no corresponding permission is declared. Undeclared write access weakens the trust boundary for users and platforms because a skill that appears minimally privileged can still modify the filesystem, even if here the stated use is limited to writing subtitle files next to the input audio.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The README states the tool is 'completely free' and 'requires no network', but later notes that the first run will automatically download Whisper model files. This is a security-relevant misrepresentation because users operating in restricted, air-gapped, or privacy-sensitive environments may trust the offline claim and unintentionally allow network access or data egress during setup.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation contains an internal contradiction: it promises offline operation while also documenting automatic model download on first execution. Contradictory security claims reduce user ability to make informed trust decisions and are especially risky for environments with strict network, compliance, or supply-chain controls.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The English activation examples are broad natural-language phrases like converting arbitrary paths to subtitles, without clear trigger boundaries, exclusions, or confirmation requirements. This can cause overbroad invocation or execution on unintended files, especially if an agent matches loosely on user intent and passes arbitrary local paths into the transcription workflow.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The Chinese invocation examples have the same issue as the English ones: they are open-ended requests that lack activation constraints and safety boundaries. In multilingual environments, this broad phrasing increases the chance of unintended activation and file processing across different user inputs.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.