Alicloud Ai Audio Asr Realtime

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Alibaba Cloud realtime speech-to-text helper, with the main caution that saved ASR samples may contain sensitive transcripts.

Install if you are comfortable using Alibaba Cloud credentials for ASR. Treat anything saved under the output directory as potentially sensitive, especially transcripts, response samples, or metadata, and delete or protect those files before sharing or committing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 75% confidence
Finding: The skill instructs users to provide a cloud API key via environment variable or credentials file but does not warn about secret handling, least privilege, or avoiding accidental inclusion in logs and saved artifacts. In this skill's context, session payloads are also explicitly persisted, which slightly increases the chance of adjacent secret exposure through operational mistakes.

Session Persistence

Medium

Category: Rogue Agent
Content: ## Validation ```bash mkdir -p output/alicloud-ai-audio-asr-realtime python -m py_compile skills/ai/audio/alicloud-ai-audio-asr-realtime/scripts/prepare_realtime_asr_request.py && echo "py_compile_ok" > output/alicloud-ai-audio-asr-realtime/validate.txt ```
Confidence: 81% confidence
Finding: mkdir -p output/alicloud-ai-audio-asr-realtime python -m py_compile skills/ai/audio/alicloud-ai-audio-asr-realtime/scripts/prepare_realtime_asr_request.py && echo "py_compile_ok" > output/alicloud-ai-

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal