Listen

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only transcription helper that persistently learns correction hints and provides STT setup guidance, with no evidence of hidden code, exfiltration, or destructive behavior.

Install this if you want persistent transcription personalization. Avoid saving confidential names or terms unless necessary, periodically review learned corrections, and only apply STT provider or API-key configuration changes after confirming the provider, cost, and privacy tradeoffs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation rule 'Detect when transcribed text seems off' is subjective and broad, which can cause the skill to trigger on normal conversation without clear user intent. In a skill that stores learned corrections over time, this increases the chance of silently capturing, persisting, and acting on inaccurate or sensitive content.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill states it 'auto-evolves' and 'learn[s] from user corrections' but does not warn users that corrections and patterns may be persisted over time. This creates a transparency and privacy risk because users may reveal names, domain-specific terms, or other sensitive content without realizing it will be retained.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal