MLX STT

Security checks across malware telemetry and agentic risk

Overview

This skill coherently performs local speech-to-text on Apple Silicon, with the main caveat that installation pulls external command-line dependencies.

Install only if you are comfortable letting Homebrew and uv add or update local tools, including mlx-audio. Prefer invoking it explicitly with `/mlx-stt <audio>` and remember that transcripts will be printed into the agent session.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad natural-language patterns such as "STT ...", "ASR ...", and "Transcribe ...", which can match ordinary user requests rather than an explicit invocation. This increases the chance the skill runs unexpectedly on user-provided audio paths or transcription requests, creating unintended execution and expanding the attack surface for any installation or runtime behavior in the referenced scripts.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The install script automatically runs system-modifying package installation commands via Homebrew and uv without any prompt, warning, or prior disclosure to the user. This is dangerous because executing the script changes the local environment, pulls remote packages, and expands the supply-chain trust boundary in a way users may not expect from simply installing or invoking a skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal