Security audit

Whisper Piper Voice

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it exposes an unauthenticated voice server on all network interfaces and documents persistent startup, so users should review it before installing.

Install only if you intend to run a local HTTP voice service. Bind it to localhost or firewall port 9998 unless you explicitly need LAN access, add authentication before exposing it to other machines, verify downloaded Piper binaries and models, and enable the systemd service only if you understand how to stop or disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs the agent to execute shell commands such as package installation, downloading binaries/models, and running a local server, but it does not declare corresponding permissions. Undeclared shell capability increases the chance that an agent invokes command execution without appropriate review or user consent, which is a real security control gap even if the documented commands appear legitimate.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The description contains broad trigger phrases like 'use when asked to set up voice capabilities' and 'build a voice assistant pipeline,' which can cause the skill to activate for loosely related user requests. Over-broad activation widens the set of situations in which shell commands, downloads, and local server setup may be invoked, raising the risk of unintended execution in contexts where the user did not specifically request this pipeline.

Natural-Language Policy Violations

Medium
Confidence
71% confidence
Finding
The examples and defaults hard-code a German voice/model and German sample output without documenting locale selection or obtaining user preference. This is primarily a safety and UX issue rather than code execution, but it can lead to unintended language output, misconfigured deployments, or incorrect assumptions in downstream voice workflows.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The server genuinely binds to 0.0.0.0 (the bind address is not merely reported in a log message), exposing the unauthenticated transcription and speech endpoints on all network interfaces by default. In this skill context, the service performs CPU/GPU-intensive work and processes arbitrary client input, so default public exposure materially increases the risk of unauthorized access and denial of service.

VirusTotal

55/55 vendors flagged this skill as clean.
