Security audit

Daily Voice Quote

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it handles voice cloning, face/avatar media, public media URLs, API tokens, and automated messaging without enough consent and retention safeguards.

Install only if the person whose voice and face are used has explicitly approved cloning, avatar training, hosting, and automated delivery. Use dedicated API keys, verify the LINE recipient IDs, prefer short-lived or access-controlled media URLs, and confirm how ElevenLabs, HeyGen, hosting/CDN, and messaging providers store or delete uploaded and generated media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documents shell command execution (`curl`, `ffmpeg`, `sag`, `python3`, `uv`) but does not declare corresponding permissions/capabilities. That creates a transparency and policy-enforcement gap: a reviewer or runtime may underestimate what the skill can do, including network transmission and local file processing.

Context-Inappropriate Capability

Low
Confidence
72% confidence
Finding
The inclusion of affiliate/referral signup links introduces a monetization behavior unrelated to the core task. Even if not directly exploitable as code execution, it creates a conflict-of-interest signal and can steer users toward third-party services for the author's benefit without clear disclosure.

Context-Inappropriate Capability

Low
Confidence
72% confidence
Finding
A second affiliate/referral HeyGen link repeats the same unnecessary monetization pattern. In a skill handling personal voice, photos, and messaging workflows, undisclosed commercial steering reduces trust and can bias provider recommendations.

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The skill says to send only media and never plain text, but elsewhere it instructs use of `message` tools and cron payloads that can send via message/tts. Contradictory operational guidance is dangerous because agents may choose an unsafe path and accidentally send internal scripts, TTS markup, or other unintended content to end users.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill automates generation and delivery of media derived from the owner's voice and photos, but it does not foreground a privacy notice about sending such data to third-party AI vendors and messaging platforms. This is dangerous because sensitive biometric-like media may be processed or redistributed without the user's informed understanding.

Missing User Warnings

High
Confidence
95% confidence
Finding
The instructions explicitly describe uploading the owner's voice samples and selfie video to external providers for voice cloning and avatar training, but omit an explicit consent requirement. Because this involves highly sensitive identity data that can enable impersonation and deepfake generation, missing consent controls materially increases privacy and abuse risk.

External Transmission

Medium
Category
Data Exfiltration
Content
**LINE Push API example:**
```bash
# voice
curl -s -X POST https://api.line.me/v2/bot/message/push \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $LINE_CHANNEL_ACCESS_TOKEN" \
  -d '{
```
Confidence
88% confidence
Finding
curl -s -X POST https://api.line.me/v2/bot/message/push \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $LINE_CHANNEL_ACCESS_TOKEN" \ -d '{ "to": "YOUR_LINE_USER_ID", "

External Transmission

Medium
Category
Data Exfiltration
Content
- **Method 1 (official UI)**: the owner records 1-3 minutes of audio → upload it to ElevenLabs Voice Lab
  - **Method 2 (the owner sends you the audio)**: the owner sends a voice message → you download it and upload it via the API to clone:
    ```bash
    curl -X POST "https://api.elevenlabs.io/v1/voices/add" \
      -H "xi-api-key: $ELEVENLABS_API_KEY" \
      -F "name=主人的名字" \
      -F "files=@/path/to/voice-sample.mp3" \
    ```
Confidence
96% confidence
Finding
https://api.elevenlabs.io/

External Transmission

Medium
Category
Data Exfiltration
Content
**LINE Push API example:**
```bash
# voice
curl -s -X POST https://api.line.me/v2/bot/message/push \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $LINE_CHANNEL_ACCESS_TOKEN" \
  -d '{
```
Confidence
88% confidence
Finding
https://api.line.me/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
}'

# video
curl -s -X POST https://api.line.me/v2/bot/message/push \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $LINE_CHANNEL_ACCESS_TOKEN" \
  -d '{
```
Confidence
88% confidence
Finding
https://api.line.me/

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.