Security audit

NEXUS Voice Transcriber

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent voice transcription tool, with disclosed local processing, optional Deepgram upload, URL input handling, and local transcript storage.

Install only if you are comfortable with transcripts being saved locally. Use Whisper for private recordings, choose Deepgram only when you intentionally accept sending audio to that provider, and avoid untrusted or very large URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and operationally relies on sensitive capabilities including environment-variable access, filesystem writes, shell execution, and outbound network use, yet declares no permissions boundary. That mismatch can cause an agent platform or reviewer to underestimate what the skill can do, reducing user visibility and consent around audio downloads, API-key use, and local archival.

Intent-Code Divergence

Medium
Confidence
79% confidence
Finding
The skill claims it does not auto-upload without confirmation, but elsewhere instructs the agent to download URL inputs and process them automatically. Even if this is only a download rather than an upload, the mismatch is dangerous because it normalizes network retrieval and processing of user-supplied URLs without a clear confirmation or trust check, which can expose private resources, trigger SSRF-like access patterns, or surprise users about data handling.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script accepts arbitrary HTTP/HTTPS URLs and downloads remote content without any allowlisting, size/content-type validation, or network restrictions. In an agent context, this expands the skill into a generic network fetch primitive and can be abused for SSRF-like access to internal services, retrieval of attacker-chosen content, or resource exhaustion via large downloads.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
When the Deepgram provider is selected, audio is transmitted to an external API, but the script does not provide an explicit user-facing consent or warning at the point of transfer. In a voice-note archival skill, transcripts may contain sensitive personal, business, or regulated information, so silent third-party transmission creates a meaningful privacy and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.