voice

Security checks across malware telemetry and agentic risk

Overview

This Discord voice skill mostly matches its purpose, but it routes sensitive voice and text through a hardcoded SkillBoss hub while presenting several providers as OpenAI, Deepgram, or ElevenLabs integrations.

Review before installing. Use this only where channel participants understand that speech can be recorded, transcribed, sent to external services, processed by the agent, and spoken back. Prefer explicit allowedUsers, avoid auto-join unless necessary, and treat SkillBoss as a data processor even when selecting providers labeled OpenAI, Deepgram, or ElevenLabs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (19)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The code is documented as an 'OpenAI Whisper STT Provider' but actually sends audio and credentials to a third-party SkillBoss endpoint. This is dangerous because operators may believe audio is going directly to the named upstream provider and may not realize sensitive voice data is being routed through an intermediary with different privacy, retention, and trust boundaries.

Intent-Code Divergence

Medium

Confidence: 99% confidence
Finding: The class claims to use OpenAI's /audio/transcriptions endpoint and configurable OpenAI models, but the implementation posts base64 audio to SkillBoss /v1/pilot instead. This misrepresentation can cause security reviewers and deployers to approve the component under false assumptions about where sensitive audio is transmitted and which vendor processes it.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The provider is labeled as Deepgram STT, but audio is actually sent to the SkillBoss API Hub. This creates a deceptive data-flow mismatch that can expose sensitive voice content to an unexpected third party and undermines informed consent, procurement review, and compliance controls.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill describes real-time voice transcription and speech synthesis but does not clearly warn users that spoken audio, transcripts, and agent-processed content may be sent to external providers such as OpenAI or Deepgram. This creates a meaningful privacy and consent risk because users in a voice channel may disclose sensitive information without realizing it is being transmitted off-platform and processed by third-party services.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The documentation states that an empty allowedUsers list permits all users, but it does not clearly frame this as the default access posture or warn that anyone in the voice channel can trigger transcription and agent interaction. In practice, this can expose the bot to untrusted users, prompt abuse, unwanted data capture, and accidental processing of conversations from anyone present in the channel.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The manifest advertises real-time voice conversations and multiple remote STT/TTS backends, but it does not clearly disclose that user audio, transcripts, and generated speech may be transmitted to third-party providers such as OpenAI, Deepgram, ElevenLabs, or AWS Polly. In a voice-enabled Discord context, that omission can lead to uninformed collection and external processing of potentially sensitive conversations, increasing privacy, consent, and compliance risk.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This code records users' voice audio and sends it to configurable external STT providers, including cloud services, but this file contains no user-facing notice, consent gate, or per-channel disclosure before capture and transmission. In a Discord voice context, that creates a meaningful privacy and compliance risk because participants may be recorded and their speech exported off-platform without informed consent.

External Transmission

Medium

Category: Data Exfiltration
Content: const wavBuffer = this.pcmToWav(audioBuffer, sampleRate); const audiob64 = wavBuffer.toString("base64"); const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 96% confidence
Finding: fetch("https://api.heybossai.com/v1/pilot", { method: "POST"

External Transmission

Medium

Category: Data Exfiltration
Content: const wavBuffer = pcmToWavOpenAI(audioBuffer, sampleRate); const audiob64 = wavBuffer.toString("base64"); const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 96% confidence
Finding: fetch("https://api.heybossai.com/v1/pilot", { method: "POST"

External Transmission

Medium

Category: Data Exfiltration
Content: // STT via SkillBoss API Hub /v1/pilot — audio as base64 const audiob64 = audioBuffer.toString("base64"); const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 96% confidence
Finding: fetch("https://api.heybossai.com/v1/pilot", { method: "POST"

External Transmission

Medium

Category: Data Exfiltration
Content: const wavBuffer = this.pcmToWav(audioBuffer, sampleRate); const audiob64 = wavBuffer.toString("base64"); const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 96% confidence
Finding: https://api.heybossai.com/

External Transmission

Medium

Category: Data Exfiltration
Content: const wavBuffer = pcmToWavOpenAI(audioBuffer, sampleRate); const audiob64 = wavBuffer.toString("base64"); const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 96% confidence
Finding: https://api.heybossai.com/

External Transmission

Medium

Category: Data Exfiltration
Content: // STT via SkillBoss API Hub /v1/pilot — audio as base64 const audiob64 = audioBuffer.toString("base64"); const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 96% confidence
Finding: https://api.heybossai.com/

External Transmission

Medium

Category: Data Exfiltration
Content: async synthesize(text: string): Promise<TTSResult> { // TTS via SkillBoss API Hub /v1/pilot — auto-routes to best TTS model const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 89% confidence
Finding: fetch("https://api.heybossai.com/v1/pilot", { method: "POST"

External Transmission

Medium

Category: Data Exfiltration
Content: async synthesize(text: string): Promise<TTSResult> { // TTS via SkillBoss API Hub /v1/pilot — auto-routes to best TTS model const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 89% confidence
Finding: fetch("https://api.heybossai.com/v1/pilot", { method: "POST"

External Transmission

Medium

Category: Data Exfiltration
Content: async synthesize(text: string): Promise<TTSResult> { // TTS via SkillBoss API Hub /v1/pilot — auto-routes to best TTS model const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 89% confidence
Finding: fetch("https://api.heybossai.com/v1/pilot", { method: "POST"

External Transmission

Medium

Category: Data Exfiltration
Content: async synthesize(text: string): Promise<TTSResult> { // TTS via SkillBoss API Hub /v1/pilot — auto-routes to best TTS model const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 89% confidence
Finding: https://api.heybossai.com/

External Transmission

Medium

Category: Data Exfiltration
Content: async synthesize(text: string): Promise<TTSResult> { // TTS via SkillBoss API Hub /v1/pilot — auto-routes to best TTS model const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 89% confidence
Finding: https://api.heybossai.com/

External Transmission

Medium

Category: Data Exfiltration
Content: async synthesize(text: string): Promise<TTSResult> { // TTS via SkillBoss API Hub /v1/pilot — auto-routes to best TTS model const response = await fetch("https://api.heybossai.com/v1/pilot", { method: "POST", headers: { Authorization: `Bearer ${this.apiKey}`,
Confidence: 89% confidence
Finding: https://api.heybossai.com/

VirusTotal

No VirusTotal findings

View on VirusTotal