Omnicast

Security checks across malware telemetry and agentic risk

Overview

OmniCast is a coherent local podcast-production app, but users should understand that it sends media/text to external AI services and can delete its saved session folders.

Install only if you are comfortable sending submitted media, extracted text, transcripts, scripts, captions, and generated prompts to external AI providers. Use it on a trusted local machine, avoid confidential or regulated content unless your provider agreements allow it, review URLs before ingestion, and keep backups of session folders before using delete-all.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium (95% confidence)
The client exposes a destructive 'delete all sessions' action that permanently removes all session folders in the downloads directory. While gated by a confirm dialog, there is no evidence here of authorization, scoping, or safety checks, so if the endpoint is reachable by an unauthorized user or abused through the UI, it could cause large-scale data loss.

Intent-Code Divergence

Medium (97% confidence)
The middleware resolves the hostname once and checks the returned IP, but the later axios/ytdl requests still use the original URL and perform their own DNS resolution. That means an attacker can exploit DNS rebinding or multi-record DNS behavior so validation sees a public IP while the actual fetch connects to a private or localhost address, enabling SSRF against internal services.

Missing User Warnings

Medium (93% confidence)
The skill explicitly states it uses external AI providers via GEMINI_API_KEY and OPENAI_API_KEY, and it accepts uploaded files or URLs for processing, but it does not warn users that submitted content may be transmitted to third-party services. This creates a real privacy and data-handling risk because users may provide sensitive media or text under the assumption processing is purely local when only the API wrapper is local.

Natural-Language Policy Violations

Medium (87% confidence)
The ingestion flow says it will detect language and translate to English if necessary, with no indication of user choice, opt-out, or a documented requirement that English is mandatory. This can expose user content to unnecessary transformation and likely external processing, increasing privacy risk and introducing integrity issues through mistranslation, especially for sensitive or legally significant material.

Missing User Warnings

Medium (97% confidence)
The YouTube OAuth access token obtained in the browser is sent directly to the backend in the request body. This expands token exposure to the server, logs, monitoring systems, and any backend compromise, and the UI does not clearly warn the user that their Google-granted token is being shared server-side for upload operations.

Missing User Warnings

Medium (93% confidence)
The route sends the full WebVTT subtitle content to an external AI provider for translation, which can expose potentially sensitive or copyrighted transcript data to a third party. There is no evidence in this file of explicit user consent, data minimization, redaction, or provider-side privacy controls, so users may be unaware their caption contents are being transmitted off-platform.

Missing User Warnings

Medium (93% confidence)
The code sends local audio content to OpenAI's external transcription/translation API via `openai.audio.translations.create(...)`, but this file contains no consent gate, disclosure, or privacy control before transmitting potentially sensitive media. If the media contains personal, confidential, or regulated information, users may unknowingly exfiltrate data to a third party, creating privacy, compliance, and trust risks.

Natural-Language Policy Violations

Medium (84% confidence)
The implementation hard-codes use of the translations endpoint and logs that chunks are being translated to English, forcing English output without user choice. This can distort meaning, reduce accuracy for multilingual content, and create downstream safety or business errors if users expect verbatim transcription in the source language.

Ssd 2

Medium (96% confidence)
The comment 'Softened translation prompt to satisfy security scanners' is a strong red flag that the author was consciously modifying code to avoid detection rather than address the underlying security concern. Even though the immediate technical behavior is the same prompt construction, this intent signal increases risk because it suggests future insecure prompt handling or data-transfer behavior may be deliberately hidden from review.

VirusTotal

66/66 vendors flagged this skill as clean.