Back to skill

Security audit

Clonev

Security checks across malware telemetry and agentic risk

Overview

This is a real voice-cloning skill, but it under-controls consent, sharing, and retention of sensitive voice data.

Review before installing. Use only with your own voice or voices where you have explicit permission, avoid impersonation or fraud-sensitive messages, disclose synthetic audio when sharing, confirm any Telegram send separately, and delete retained samples and generated audio from the working directory when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill is declared as a voice-cloning utility, but the documentation instructs the agent to forward generated audio to Telegram, which expands the skill into message delivery. That creates an unnecessary exfiltration and impersonation pathway: cloned speech can be immediately transmitted to third parties without an explicit, separate user confirmation step.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
These additional examples normalize a full workflow in which cloned audio is generated and then sent over Telegram, extending the skill beyond its stated purpose. In the context of voice cloning, bundling generation with outbound messaging increases abuse potential for scams, impersonation, and unauthorized distribution of synthetic speech.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The quick-reference card gives compact operational instructions for generating cloned speech and sending it via Telegram, making misuse easier for an automated agent. Because voice cloning is highly sensitive and can impersonate real people, adding immediate delivery instructions materially increases the likelihood and scale of harmful use.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly advertises cloning 'your voice or someone else's voice' and generating speech that sounds like a specific person, but provides no warning or safeguard about consent, impersonation, fraud, or privacy harms. In a voice-cloning context, that omission is dangerous because it presents a high-risk capability as routine and frictionless, lowering barriers to deceptive or non-consensual use.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script copies a user-provided voice sample into a persistent local directory and leaves it there without any disclosure, retention control, or cleanup. Because voice samples are highly sensitive biometric data, silent persistence increases privacy risk, unauthorized reuse risk, and accidental exposure if the host filesystem or shared container workspace is accessed by others.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.