Voice Broadcast

Security checks across malware telemetry and agentic risk

Overview

This voice-readout skill is mostly coherent, but it can send sensitive replies as Feishu voice audio and explicitly override mute for urgent content.

Install only if users understand that assistant replies can be converted to audio and sent through Feishu. The mute override should be reviewed or removed before use in private, medical, regulated, or shared-audio environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill enables automatic TTS playback and states that audio is sent via Feishu, but it does not require clear informed consent at the point of activation or warn that reply content will be transmitted through external services/channels. This can expose sensitive assistant responses, including private or regulated content, through unintended audio delivery or third-party processing, and the '危急内容强制播报,忽略静音' rule ("critical content is force-broadcast, ignoring mute") increases risk by bypassing user preference controls.

VirusTotal

66/66 vendors flagged this skill as clean.