Security audit
Microsoft Teams Voice (CVI)
Security checks across malware telemetry and agentic risk
Overview
This Teams voice/video bridge matches its purpose, but it needs review because some sensitive video handling and caller-triggered tool access are broader than the user-facing documentation suggests.
Install only if you are comfortable granting a third-party plugin access to live Teams audio, camera, screen-share frames, provider API keys, and optional Teams posting/callback behavior. Keep sharedSecret strong, inboundPolicy restrictive, bindAddress narrow, requireRecordingStatus enabled, and realtime.toolPolicy set to none unless trusted callers need tool access; avoid the curl-to-bash installer unless you inspect it separately.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
