Back to skill

Security audit

Aliyun Asr

Security checks across malware telemetry and agentic risk

Overview

This speech-to-text skill appears purpose-built, but it can automatically send voice messages from broad chat channels to Aliyun and may leave converted audio files on disk.

Review before installing in shared or sensitive chat environments. Enable it only where users understand that voice messages may be sent to Aliyun for transcription, use a tightly scoped Aliyun RAM credential, install dependencies from trusted sources, and fix or accept the OGG-to-WAV retention behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions, yet its documented behavior clearly implies reading a local config file, invoking external Aliyun network APIs, and relying on Python/runtime execution. This mismatch weakens security review and user consent because the platform cannot accurately inform operators what the skill is capable of doing.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Describing the skill as automatically handling voice messages without precise trigger conditions creates an overbroad activation surface. In an agent environment, ambiguous auto-invocation can cause unexpected processing of messages or unintended data transfer to a third-party service.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Applying the skill to 'any supported channel' without boundaries broadens collection and processing scope beyond what users may reasonably expect. Because this skill sends voice data to Aliyun for transcription, vague trigger scope increases the risk of unauthorized or accidental disclosure across integrations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation does not clearly warn users that voice content will be transmitted off-platform to Aliyun for processing. For a transcription skill, this is a material data-flow disclosure issue because users may share sensitive spoken content without understanding that a third-party cloud provider will receive it.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill uploads raw audio content to a third-party cloud ASR endpoint without any explicit notice, consent, or code-path disclosure to the user. In a multi-channel messaging context, this can expose sensitive voice content, personal data, or regulated information to an external service unexpectedly, creating a privacy and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends user-provided audio to an external ASR component without any disclosure, consent flow, or indication of where media is processed. Because voice recordings can contain sensitive personal or business information, silent transfer to a third-party speech service creates a real privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.