Back to skill

Security audit

Transcript Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill does the advertised transcript analysis, but it ships and uses a plaintext QVeris API bearer token that installers would expose and potentially use unknowingly.

Review before installing. The default Stock Analysis web mode is lower risk, but the skill should not be distributed with a QVeris bearer token. Install only after the publisher removes and rotates the embedded key, changes API mode to require a user-supplied credential, and clearly documents what is sent to each external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares only Read/Write/Bash in metadata, yet its documented behavior explicitly fetches data from Stock Analysis and QVeris, which implies network access. This permission/behavior mismatch is dangerous because it undermines operator expectations and can conceal external data exfiltration, unexpected outbound requests, or use of undeclared capabilities during execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
A description/behavior mismatch is a real security concern here because the skill is presented as transcript analysis, while the finding indicates undeclared network access and hardcoded API key use. Hidden credentials and undocumented external communication increase the risk of secret leakage, unauthorized third-party access, billing abuse, and reduced auditability.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains a hard-coded QVeris API bearer token directly in source code. Any user who can view or copy the skill can reuse the credential to access the external service, consume paid credits, and potentially access account-linked data or activity under the owner's identity.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger list contains broad phrases such as '分析业绩会' and 'Run transcript analysis' that could match ordinary user requests and cause the skill to activate unexpectedly. Overbroad activation is dangerous because this skill can invoke Bash, write files, and potentially access networks, so unintended triggering can lead to unplanned command execution, outbound requests, or workspace modifications.

Missing User Warnings

High
Confidence
99% confidence
Finding
The hard-coded credential is not only present in the file but is actively used in outbound authenticated requests, which makes the exposure immediately exploitable. Users may unknowingly trigger requests billed to the embedded account, and an attacker can extract the key and abuse the service outside the tool.

Ssd 3

High
Confidence
99% confidence
Finding
Embedding a live API key in distributed code exposes direct access to the external transcript service and any usage quotas, logs, or account-scoped data reachable with that key. In this skill context, the danger is elevated because the tool is intended for repeated external calls, making unauthorized consumption and attribution abuse straightforward.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
transcript_analyzer.py:46