Back to skill

Security audit

WhatsApp Voice Note

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: converts text to audio and sends it as a WhatsApp voice note, with some privacy and recipient-control risks users should manage.

Install only if you want an agent capable of sending WhatsApp voice notes. Configure clear rules for allowed recipients and confirmation before sending, avoid using ElevenLabs for secrets or sensitive personal/business text, and use the local say engine or --out-only/--dry-run paths when you need lower-risk testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill advertises and relies on shell execution and environment variable access, but it does not declare permissions. That creates a transparency and policy-enforcement gap: an agent or reviewer may approve the skill without realizing it can invoke local commands, access secrets such as API keys, and send data externally.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough to match common conversational requests like 'reply by voice' or 'read something out loud to a chat,' which can cause unintended activation. In this skill's context, unintended activation is more dangerous because the action sends a message to external recipients over WhatsApp, potentially causing privacy leaks or unauthorized communications.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description does not clearly warn that text may be sent to ElevenLabs for synthesis and that the resulting audio will be delivered to WhatsApp recipients. This lack of disclosure can lead users or calling agents to send sensitive content to third parties or unintended contacts without informed consent.

External Transmission

Medium
Category
Data Exfiltration
Content
MP3="$TMP/voice.mp3"
  # Build JSON body safely (text may contain quotes / Hebrew / newlines).
  BODY="$(MODEL="$MODEL" TEXT="$TEXT" python3 -c 'import json,os;print(json.dumps({"text":os.environ["TEXT"],"model_id":os.environ["MODEL"],"voice_settings":{"stability":0.5,"similarity_boost":0.8}}))')"
  code=$(curl -sS -o "$MP3" -w "%{http_code}" \
    "https://api.elevenlabs.io/v1/text-to-speech/${VOICE_ID}" \
    -H "xi-api-key: ${ELEVENLABS_API_KEY}" -H "Content-Type: application/json" \
    --data "$BODY")
Confidence
97% confidence
Finding
curl -sS -o "$MP3" -w "%{http_code}" \ "https://api.elevenlabs.io/v1/text-to-speech/${VOICE_ID}" \ -H "xi-api-key: ${ELEVENLABS_API_KEY}" -H "Content-Type: application/json" \ --data

External Transmission

Medium
Category
Data Exfiltration
Content
# Build JSON body safely (text may contain quotes / Hebrew / newlines).
  BODY="$(MODEL="$MODEL" TEXT="$TEXT" python3 -c 'import json,os;print(json.dumps({"text":os.environ["TEXT"],"model_id":os.environ["MODEL"],"voice_settings":{"stability":0.5,"similarity_boost":0.8}}))')"
  code=$(curl -sS -o "$MP3" -w "%{http_code}" \
    "https://api.elevenlabs.io/v1/text-to-speech/${VOICE_ID}" \
    -H "xi-api-key: ${ELEVENLABS_API_KEY}" -H "Content-Type: application/json" \
    --data "$BODY")
  if [[ "$code" != "200" ]]; then
Confidence
95% confidence
Finding
https://api.elevenlabs.io/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.