Back to skill

Security audit

Addis Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its advertised speech-to-text and translation work, but it handles sensitive audio/text and API keys in a way users should review before installing.

Review before installing. Use this only for audio or text you are comfortable sending to Addis Assistant, avoid passing real API keys directly on the command line where possible, and prefer a version that uses a secret store or environment variable and explicit https:// endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes executable scripts and API interactions but does not declare permissions, while static analysis detected shell capability. This creates a transparency and consent problem: a user or orchestrator may invoke code with broader execution/network effects than the skill metadata communicates, increasing the chance of unintended command execution or external data transfer.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description says the skill performs STT and translation via api.addisassistant.com and requires an x-api-key, but it does not clearly warn that user audio/text and credentials are transmitted to a third-party service. This can lead to uninformed disclosure of sensitive content, including private audio, transcripts, and API secrets, especially in environments where users expect local-only processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The spec instructs clients to send audio files and text content to a third-party remote API but does not disclose any privacy, retention, or transmission warning. Because STT and translation inputs may contain sensitive personal, financial, or regulated data, omission of this warning can cause unintentional data exfiltration to an external service and unsafe handling by downstream users or agents.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends both the user's audio content and the API key to an external third-party service, but provides no meaningful privacy, consent, or data-handling warning beyond command-line usage. In a skill context, this is security-relevant because sensitive voice data may be transmitted off-device without explicit user awareness, and API credentials are exposed to another process invocation path.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script requires the API key as a command-line argument, which can expose the secret through shell history, process listings, audit logs, crash reports, and orchestration tooling. In a skill or agent environment, this is more dangerous because credentials may be observable by other local users, monitoring systems, or stored in execution traces.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.