Back to skill

Security audit

Smart Audio Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent audio transcription and speaker-identification skill, but it handles very sensitive recordings, uploads audio or transcripts to cloud providers when configured, stores voice identifiers locally, and has a local Whisper command-execution risk with untrusted filenames.

Review before installing. Use it only for recordings you are allowed to process, prefer local Whisper for sensitive audio, and avoid the Whisper fallback on untrusted files or filenames with unusual characters until the shell-command construction is fixed. Treat transcripts, summaries, `voice-profiles.md`, and `voice-db.json` as sensitive data; enroll speakers only with consent and delete stored profiles when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger keywords include broad phrases like '转写', '会议纪要', and 'analyze audio' that could match ordinary user requests and invoke the skill unexpectedly. Because this skill can read audio files, execute shell commands, access network ASR services, and persist speaker profiles across sessions, accidental invocation carries meaningful privacy and data-handling risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation rule 'use this template when no other scene matches' is overly broad and underspecified, which can cause arbitrary fallback classification of audio into the 'general' scene. In a skill that performs structured summarization and persistent voice-profile workflows, ambiguous routing can lead to incorrect note generation, misfiled records, and downstream misuse of sensitive conversation data.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The file is written to require Chinese output and does not provide any user-language negotiation or preservation of the source language. For an audio-analysis skill, this can cause summaries, action items, and archived notes to be produced in an unexpected language, increasing the risk of misunderstanding, incorrect operational follow-up, and unsafe handling of sensitive transcripts across multilingual users.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The scene-classification trigger list is very broad and consists of common product-discussion terms such as 用户, 需求, 反馈, and 功能. In an audio-analysis skill that auto-detects scenes and applies specialized prompts plus archival behavior, this can misclassify ordinary conversations as customer interviews, causing inappropriate extraction of personal statements, inferred product insights, and storage under interview-specific memory paths.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The file is written to enforce Chinese-language output and provides no user-language negotiation, which can cause incorrect or inaccessible output for users speaking other languages. In a transcription and analysis workflow, this increases the risk of misunderstanding, bad summaries, and mishandling of quoted user statements, though it is more a safety/quality and usability issue than a direct security compromise.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The meeting trigger keywords are broad workplace terms such as 项目, 需求, 开发, and 测试, which can cause ordinary conversations to be misclassified as formal meetings. In this skill, misclassification matters because the workflow generates structured meeting notes and archives them, increasing the chance of collecting, labeling, and persistently storing content under the wrong scene.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The scene trigger keywords are overly broad and include very common terms such as 教练, 划, and 船, which can cause the rowing scene to activate on unrelated audio. In this skill, accidental activation is more dangerous because the downstream workflow performs structured analysis and may reference persistent voice profiles, increasing the chance of misclassification and privacy-impacting processing of the wrong recordings.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The scene trigger keywords are very broad and include common phrases like greetings and generic presentation terms, so ordinary conversation can be misclassified as a lecture/share session. In this skill, misclassification matters because downstream behavior includes structured note generation and archival to a scene-specific memory path, which can cause incorrect storage, privacy issues, and unreliable analysis results.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill uploads audio and/or transcript content to third-party services such as AssemblyAI, Gemini/OpenRouter, and the summarization provider, but provides no explicit user-facing notice or consent gate before transmitting potentially sensitive conversations. In the context of meeting, interview, and training recordings, this can expose personal, business-confidential, or regulated data to external processors unexpectedly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill persistently stores voice embeddings in a local database, enabling cross-session biometric identification without any consent, notice, retention control, or access protection. Voiceprints are sensitive biometric identifiers, and unauthorized collection or reuse can create serious privacy, compliance, and tracking risks far beyond a normal transcription feature.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/analyze.js:177