Percept Speaker ID

Security checks across malware telemetry and agentic risk

Overview

This is a small, coherent speaker-management skill that stores local speaker identity and authorization settings for its stated purpose, with no evidence of hidden or unrelated behavior.

Install only if you are comfortable keeping local speaker identity and authorization records for Percept. Restrict access to the Percept dashboard and percept/data/speakers.json, review owner and approved entries carefully, and delete or correct outdated speaker mappings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill documents a local speaker registry containing real names, ownership status, and authorization state, but does not warn users that this is personally identifying data tied to voice interactions. In a voice-enabled system, this omission can lead operators to store sensitive identity data without understanding privacy implications, retention concerns, or the risk of unauthorized local access to the registry.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal