Back to skill

Security audit

Voice Ai Integration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Shengwang voice/video integration helper whose network fetches, sample-repo inspection, credential guidance, recording, and conversation-history references fit its stated purpose, though users should handle secrets and recorded/transcript data carefully.

Install this only if you want Shengwang voice/video integration help and are comfortable with the assistant fetching Shengwang docs and optionally inspecting listed sample repos. Use environment variables or a secret manager, never paste production secrets into client code or logs, confirm legal consent and retention rules before enabling recording or transcript/history features, and only connect trusted LLM or MCP endpoints with explicit tool allowlists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute shell commands (`bash .../fetch-docs.sh`) but does not declare corresponding permissions. Undeclared execution capability weakens the trust boundary and can lead to unexpected command execution in environments that rely on manifest-level permissions for enforcement or review.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match generic terms like 'AI agent', 'recording', 'token', or 'live streaming', which can cause the skill to activate outside its intended vendor-specific context. Overbroad activation increases the chance of inappropriate routing, unnecessary network access, or shell-script execution when a user's request is unrelated to Shengwang.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explains that the feature records RTC session audio/video to cloud storage, but it does not warn users about privacy, consent, retention, and regulatory obligations before enabling recording. In a voice/video agent integration skill, this omission can lead operators to deploy recording without adequate notice or controls, increasing the risk of unauthorized surveillance, privacy violations, or noncompliance with laws and platform policies.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly exposes an API for retrieving short-term conversation memory, including user and agent messages, but does not provide any warning about sensitive data handling, access control expectations, retention, or privacy considerations. In a voice/AI agent integration context, conversation history can contain personal, confidential, or regulated data, so omitting privacy guidance increases the risk of misuse, overcollection, and insecure downstream handling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to authenticate with highly sensitive credentials, including a customer key/secret pair and API keys in later examples, but does not provide any security guidance about storing, rotating, redacting, or avoiding client-side exposure of those secrets. In an agent-skill context, users may copy these examples directly into logs, prompts, or frontend code, which materially increases the chance of credential leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document describes sending conversation content, user messages, tool-call context, timestamps, and possibly speaker metadata to external LLM and MCP endpoints, but does not clearly warn that user data may leave the Shengwang environment and be processed by third parties. In a voice/AI-agent integration, this is especially sensitive because the payload can include transcribed speech, account identifiers, and other personal or business data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.