Voicemail Greeting Generator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent voicemail-assistance workflow with a disclosed third-party handoff, but users should treat anything pasted into Solvea as shared externally.

Before installing, understand that any voicemail script or business details you paste into Solvea leave the local agent environment and are handled by that service. Avoid including sensitive, regulated, or unnecessary customer information in the script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to paste generated or custom voicemail text into a third-party website without clearly warning that the content leaves the local environment and is subject to that external service's data handling. Because voicemail scripts may contain business names, phone numbers, hours, alternate contacts, or other potentially sensitive operational details, users could unintentionally disclose information to a third party.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal