Luis Audio Translator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local audio-processing tool, but one optional split cleanup flag can recursively delete any chosen output folder without safeguards.

Install only if you are comfortable with a local audio tool that runs FFmpeg and optional configured helper programs. Avoid using --clean with any output directory that contains important files; use a new empty output folder for split jobs until the cleanup behavior is constrained or documented with stronger safety checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: When '--clean' is used, the script unconditionally calls shutil.rmtree on the resolved output directory before splitting. Because the output directory is user-controllable, a mistaken or maliciously supplied path can cause recursive deletion of arbitrary directories accessible to the process, leading to data loss; in an agent skill context this is more dangerous because the tool may operate on paths provided indirectly by another system or user.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal