Fn IME Voice Switch

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed macOS Hammerspoon setup guide for switching input methods with the Fn key, with no hidden code or exfiltration behavior found.

Before installing, review the exact Hammerspoon config you will run, because Accessibility and Input Monitoring can allow broad input observation and UI automation. Revoke those macOS permissions if you stop using the workflow, and verify any missing or externally fetched init.lua template before enabling it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the user to grant Hammerspoon both Accessibility and Input Monitoring, which gives it broad ability to observe keystrokes and control UI behavior. In this context the permissions are functionally required for the automation, but the document does not clearly warn that these privileges enable sensitive monitoring and automation beyond the narrow Fn-switch use case, increasing the risk of overbroad trust and misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal