Sdk Integration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gladia SDK documentation skill; its API key and audio handling are expected for speech-to-text integration and no hidden execution or exfiltration behavior was found.

Before installing, understand that examples may send audio files or live microphone audio to Gladia using your API key. Use it only in projects where users know recording/transcription is happening, keep API keys server-side for browser apps, and review Gladia’s data handling terms for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The microphone streaming example captures live audio from the user's environment and sends it to a remote transcription session, but it provides no explicit warning, consent prompt, or privacy notice. In SDK documentation, copy-paste examples are often used directly, so omitting a user-facing disclosure increases the risk that downstream apps will record and transmit audio without adequate user awareness or consent.

VirusTotal

65/65 vendors flagged this skill as clean.