Back to skill

Security audit

Wechat Voice

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local WeChat voice transcription skill, with a notable but manageable temporary-file hygiene issue.

Install only if you are comfortable processing voice attachments locally and installing the stated Python dependencies. Prefer using explicit per-request output paths, avoid shared multi-user environments for sensitive audio, and delete generated WAV files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to read local files from conversation context and execute a shell command against a supplied path, but it does not declare any permissions or constraints for those capabilities. In an agent environment, undeclared file-read and shell access reduces transparency and can enable misuse, especially if an attacker can influence the attachment path or trigger the workflow unexpectedly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
When no output path is supplied, decoded audio is always written to `/tmp/wechat-voice-decoded.wav`, a predictable shared path. On multi-user systems this can leak sensitive voice content, allow accidental cross-request data exposure, or enable symlink/clobber attacks depending on how the script is executed and filesystem protections.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.