Security audit

Transcription

Security checks across malware telemetry and agentic risk

Overview

This transcription skill has a coherent purpose, but it needs Review because its privacy claims, installer side effects, and missing runtime binary leave important behavior unclear.

Review carefully before installing. Confirm whether audio and video stay local or are uploaded to Signal Loom, ask for the missing transcribe executable to be included for review, and avoid installing unless you are comfortable with automatic .zshrc modification and install-time analytics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises a simple transcription capability but exposes shell execution capability without declaring corresponding permissions. This breaks the principle of least privilege and can allow unexpected command execution paths during install or runtime, reducing transparency and user consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared behavior says the skill performs local transcription, but the detected behavior includes remote install tracking, shell profile modification, and local file installation/symlinking. This mismatch is dangerous because users may grant trust based on the advertised purpose while the skill makes persistence or telemetry-related changes that are unrelated to transcription.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The installer performs an unsolicited outbound POST to a vendor-controlled analytics endpoint during installation, despite the skill being presented primarily as a local transcription tool. Even if the payload is limited, hidden network activity during install creates a privacy and trust issue because users are not given clear notice or a chance to opt in.

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The comment minimizes the behavior as a harmless anonymous ping, but the script actually transmits data to an external vendor endpoint. Misleading commentary around network transmission is dangerous because it reduces user scrutiny and undermines informed consent, especially in installation scripts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installer sends telemetry during installation without warning, consent, or a documented opt-out. Silent data transmission from an install script is a supply-chain trust concern because users typically expect setup steps to be local unless clearly told otherwise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script appends to the user's .zshrc to modify PATH without explicit confirmation. Persistence-related shell profile changes can have lasting effects, may conflict with user configuration, and should not be performed silently by an installer.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.