Back to skill

Security audit

H-ear

Security checks across malware telemetry and agentic risk

Overview

This skill mostly fits an audio-classification service, but it includes an under-disclosed live RTSP capture command that runs ffmpeg and can submit captured audio to H-ear.

Install only if you are comfortable giving this skill H-ear credentials and sending selected audio, audio URLs, job metadata, and webhook callback data to the H-ear service. Treat `capture`/`listen` as a high-risk feature: it can capture from an RTSP/source URL using ffmpeg and submit the result for classification, even though that capability is not listed in SKILL.md. Require explicit user approval for live capture and webhook create/update/delete, use least-privileged credentials, and avoid private or regulated audio unless you have reviewed H-ear’s data handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The public description frames the skill as passive sound interpretation, but the documented behavior includes webhook management, historical job/audio retrieval, report download, and external callback routing. That mismatch can cause users or agents to invoke actions that transmit or expose sensitive audio-derived data without fully understanding the operational scope.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that asynchronous classification and alerts use webhook callbacks routed through the gateway, but it does not prominently warn that job results and possibly sensitive audio-derived metadata are transmitted to external infrastructure. In an audio intelligence context, this is especially risky because environmental audio and derived events may contain private or regulated information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/cli.ts:191