Whisper Tailnet API

Security checks across malware telemetry and agentic risk

Overview

This skill only documents how to send user-selected audio to a disclosed Whisper transcription server, with privacy caution but no hidden or automatic behavior.

Install only if you trust the Tailnet Whisper server at 100.92.116.99:8765. Avoid sending confidential, regulated, or private recordings unless you know who operates the service and how uploaded audio and transcripts are handled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs agents to upload local audio files to a remote service on a private Tailnet IP without any warning about privacy, retention, consent, or sensitivity of the audio content. Audio often contains personal, confidential, or regulated data, so encouraging transmission without safeguards can lead to unintended disclosure even if the service itself is legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal