Back to skill

Security audit

Gladia Using Cli

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal Gladia API helper skill, but users should understand that submitted audio and URLs leave the local environment.

Install only if you are comfortable sending selected audio files or referenced URLs to Gladia for processing. Prefer environment variables or a secret manager for the API key, avoid putting keys directly in commands, and do not submit confidential, regulated, or third-party recordings unless you have verified consent and Gladia's retention/compliance terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly states that local audio files are auto-uploaded and URLs are sent to an external API, but it does not provide a clear privacy or data-handling warning. This can cause users to submit sensitive recordings or regulated data without realizing the content leaves the local environment and is processed by a third party.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The authentication section recommends environment variables, local credential storage, and especially inline `--gladia-key <API_KEY>` usage without warning that command-line arguments may be exposed via shell history, process listings, logs, or agent transcripts. This increases the chance of accidental credential disclosure and unauthorized API use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.