Voice.Ai Voice Agents

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Voice.ai agent-management skill, with some safety guidance gaps around secrets and destructive actions.

Install only if you trust the publisher and intend to let the skill manage your Voice.ai account. Use a scoped API key if available, avoid printing or committing secrets, review MCP server credentials carefully, and manually confirm the exact agent ID before deploy, pause, delete, phone-number, or knowledge-base actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation includes a direct delete command for agents without warning that the action is destructive or recommending a confirmation step. In an agentic environment, this increases the chance of accidental deletion of production agents, causing service disruption and loss of configuration.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
Deploying an agent for live phone calls has clear external side effects, but the docs present deployment as a routine command without warning about real-world impact. This can lead to accidental activation of customer-facing telephony behavior, unexpected charges, or unintended outbound/inbound call handling.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The authentication instructions show several ways to store API keys but omit guidance on secret handling: shell history, plaintext config storage, and local file exposure. This is common in setup docs, but it still increases the chance of credential leakage through copied commands, checked-in `.env` files, or shared terminals.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
Trigger phrases such as 'new agent', 'show agent', or 'start the bot' are broad enough to overlap with normal conversation. In a tool-using assistant, ambiguous triggers can cause accidental activation of a skill that performs state-changing operations like deployment, update, or deletion.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The delete command performs an irreversible destructive action immediately after receiving an ID, with no confirmation prompt, dry-run, or force flag semantics. In a CLI that manages production conversational agents, this increases the chance of accidental deletion from mistyped IDs, scripting mistakes, or operator error, causing service disruption and configuration loss.
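A confirmation gate of the kind the two delete findings call for, written here as an added example rather than code from the Voice.ai skill or its CLI. The action names, the `Decision` type, and the policy it enforces (dry-run reports and stops, `--force` or an exactly retyped agent ID is required, padded or empty IDs are rejected) are assumptions for illustration.

```python
"""Confirmation gate for destructive agent-management actions.

Added example: not part of the Voice.ai skill. The action names, the
Decision type and the policy below are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Optional

# Actions with external side effects (assumed list for this example).
DESTRUCTIVE_ACTIONS = frozenset({"delete", "deploy", "pause"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def gate_destructive(
    action: str,
    agent_id: str,
    typed_confirmation: Optional[str] = None,
    force: bool = False,
    dry_run: bool = False,
) -> Decision:
    """Decide whether an action may mutate an agent.

    Policy (assumed, not Voice.ai's):
      * read-only actions always pass;
      * an empty or whitespace-padded ID is rejected before anything else,
        since padding usually means a sloppy copy-paste;
      * dry_run reports what would happen and never allows the call;
      * otherwise the operator must either pass force or retype the exact
        agent ID; prefix, case and whitespace differences all fail.
    """
    if action not in DESTRUCTIVE_ACTIONS:
        return Decision(True, f"{action}: read-only, no confirmation needed")
    if not agent_id or agent_id != agent_id.strip():
        return Decision(False, f"{action}: refusing, agent ID is empty or padded")
    if dry_run:
        return Decision(False, f"dry-run: would {action} agent {agent_id}")
    if force:
        return Decision(True, f"{action} {agent_id}: --force supplied")
    if typed_confirmation is None:
        return Decision(False, f"{action} {agent_id}: no confirmation given")
    if typed_confirmation != agent_id:  # exact, case-sensitive comparison
        return Decision(
            False,
            f"{action}: confirmation {typed_confirmation!r} does not match {agent_id!r}",
        )
    return Decision(True, f"{action} {agent_id}: confirmed by operator")


def run_action(
    action: str,
    agent_id: str,
    api_call: Callable[[str, str], None],
    **opts,
) -> Decision:
    """Invoke api_call only when the gate allows it; on deny the API is never touched."""
    decision = gate_destructive(action, agent_id, **opts)
    if decision.allowed:
        api_call(action, agent_id)
    return decision


if __name__ == "__main__":
    # Constructed sample: a fake API client that only records what it was asked to do.
    calls = []
    fake_api = lambda action, agent_id: calls.append((action, agent_id))

    print(run_action("delete", "agt_123", fake_api))                                  # denied: no confirmation
    print(run_action("delete", "agt_123", fake_api, dry_run=True))                    # denied: dry-run
    print(run_action("delete", "agt_123", fake_api, typed_confirmation="agt_12"))     # denied: mistyped ID
    print(run_action("delete", "agt_123", fake_api, typed_confirmation="agt_123"))    # allowed
    print(run_action("show", "agt_123", fake_api))                                    # allowed: read-only
    print("API calls actually made:", calls)
```

The gate sits between the assistant's parsed intent and the API client, so a mistyped or prefix-matched ID, or a skill fired by an ambiguous trigger, produces a denial and no network call; `dry_run` gives an operator a way to see what a scripted batch would do before any agent is touched.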

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The docs explicitly instruct users to run `echo $VOICE_AI_API_KEY`, which prints the secret to the console and can expose it in terminal scrollback, recordings, logs, or support screenshots. This is a direct secret disclosure risk and unnecessary for authentication verification.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The MCP integration example includes a plaintext `auth_token` value labeled as a secret, normalizing hardcoded credential embedding in code snippets. Users often copy examples verbatim, which can lead to committed secrets, leaked repository credentials, or insecure downstream integrations.
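One way to handle the key that addresses both secret findings (the `echo $VOICE_AI_API_KEY` check and the hardcoded `auth_token`), written as an added example that is not code from the Voice.ai skill. The variable name `VOICE_AI_API_KEY` and the `auth_token` field come from the findings above; the MCP entry shape, the `auth_token_env` field, and the helper names are assumptions for illustration.

```python
"""Verify and pass the Voice.ai API key without printing or embedding it.

Added example: not code from the Voice.ai skill. VOICE_AI_API_KEY and the
auth_token field name are taken from the skill's docs as described in the
scan; the MCP entry shape and helper names are assumptions.
"""
import hashlib
import json
import os
from typing import Mapping

ENV_VAR = "VOICE_AI_API_KEY"


def key_status(env: Mapping[str, str] = os.environ) -> str:
    """Report whether the key is present, with a short fingerprint, never the value.

    Replaces `echo $VOICE_AI_API_KEY`: the output is safe for scrollback,
    screenshots and support tickets, and two people can still confirm they
    hold the same key by comparing fingerprints.
    """
    value = env.get(ENV_VAR, "")
    if not value.strip():
        return f"{ENV_VAR}: unset"
    fingerprint = hashlib.sha256(value.encode()).hexdigest()[:8]
    return f"{ENV_VAR}: set (length {len(value)}, sha256 prefix {fingerprint})"


def mcp_server_entry(env: Mapping[str, str] = os.environ) -> dict:
    """Build the MCP server entry at runtime, reading the token from the environment.

    The returned dict is meant to be handed to the MCP client in memory,
    not serialised to a file that might be committed.
    """
    value = env.get(ENV_VAR, "")
    if not value.strip():
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to build the MCP config")
    return {"name": "voice-ai", "auth_token": value}  # assumed entry shape


def committed_config_template() -> str:
    """The only form that belongs on disk: a reference to the variable, not its value."""
    return json.dumps({"name": "voice-ai", "auth_token_env": ENV_VAR}, indent=2)


def leaks_secret(text: str, env: Mapping[str, str] = os.environ) -> bool:
    """True if `text` (a file about to be committed, a log line, a snippet) contains the live key."""
    value = env.get(ENV_VAR, "")
    return bool(value.strip()) and value in text


if __name__ == "__main__":
    # Constructed sample environment; the value is made up for the demo.
    demo_env = {ENV_VAR: "sk-live-constructed-0001"}
    print(key_status(demo_env))
    print(committed_config_template())
    print("template leaks key:", leaks_secret(committed_config_template(), demo_env))
    print("runtime entry leaks key:", leaks_secret(json.dumps(mcp_server_entry(demo_env)), demo_env))
```

The equivalent one-line shell check is `test -n "$VOICE_AI_API_KEY" && echo set || echo unset`, which confirms presence without echoing the value; `leaks_secret` is the check to run in a pre-commit hook over any file that contains an MCP config or setup snippet.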

VirusTotal

66/66 vendors flagged this skill as clean.
