Back to skill

Security audit

Chat With Anyone

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about making synthetic voices, but it handles real-person voice imitation, uploaded photos, third-party API uploads, and stored voice artifacts without enough scoping and consent controls.

Review before installing. Use only for consented, clearly disclosed, lawful synthetic-audio use, and do not present generated audio as real. Expect it to download public speech, upload selected images/descriptions to Noiz, use a Noiz API key, and leave generated voice files locally; keep the default Noiz endpoint and clean up outputs you do not want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to infer sensitive or appearance-based traits such as gender, approximate age, demeanor, and contextual personality cues from an uploaded image to drive voice generation. This expands from simple media transformation into profiling and attribute inference, which can be inaccurate, privacy-invasive, and harmful when applied to real people without consent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The workflow tells the agent to determine whether the person in an uploaded image is a recognizable public figure and route to a real-voice cloning flow. That is effectively face identification/recognition, which materially increases privacy and impersonation risk and is not clearly disclosed in the manifest.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill performs network retrieval of third-party media and writes downloaded/generated files to local storage, but the user-facing description does not clearly disclose those actions. This can undermine informed consent, surprise users with local data retention, and increase privacy/copyright risk when handling third-party media and generated voice artifacts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The ffmpeg command includes '-y', which silently overwrites any existing output file path. If an attacker or untrusted workflow can influence the output path, this can destroy or replace files without warning; in a skill with filesystem permission, that makes accidental or adversarial data loss more plausible.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code uploads a user-provided image and/or voice description, along with an API credential, to a third-party service without any built-in notice, consent checkpoint, or data-handling disclosure. In this skill context, the uploaded image may depict a real person and can be sensitive biometric-style input, making silent transmission more privacy-sensitive than in a generic text-only tool.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The script saves generated audio previews and a voice identifier to disk automatically without warning the user or offering control over retention. While the files are created as part of expected functionality, silent persistence can expose sensitive synthesized voice artifacts or identifiers to other local users, backups, or later unintended reuse.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.