Back to skill

Security audit

Deepgram Voice Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Deepgram voice workflow, but users should understand that audio/text is sent to Deepgram and outputs are saved locally.

Install only if you are comfortable sending chosen audio and reply text to Deepgram. Use a scoped Deepgram API key, confirm whether /root/.openclaw/.env is an acceptable secret source, and clean up transcript, JSON, and MP3 outputs when they contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises and instructs use of shell scripts, environment variables, and file I/O, but it does not declare corresponding permissions. This creates a trust and transparency gap: a caller may invoke the skill without understanding that it reads secrets, accesses local files, and executes shell-based workflows, which can lead to unintended data exposure or unsafe execution in agent environments.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script automatically falls back to reading a Deepgram API key from a fixed privileged file under /root/.openclaw/.env. That behavior expands the script's access beyond explicitly supplied inputs and can cause unexpected credential use in contexts where the caller did not intend to grant this script access to root-scoped secrets.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documentation encourages sending audio for transcription and text for speech synthesis to Deepgram, but it does not clearly warn users that voice content and generated text leave the local environment and are transmitted to a third-party service. In voice workflows, this can expose sensitive personal, biometric, or business information without informed user consent, especially in bot automation contexts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script uploads the provided audio file to Deepgram's external API, which may expose sensitive voice content to a third party. In a voice automation skill, this transmission is functionally expected, but the lack of an explicit warning or confirmation increases the risk of unintentional disclosure of personal or regulated audio data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This script sends input audio to Deepgram for transcription and optionally sends reply text for TTS, but it provides no user-facing notice, consent check, or privacy guardrail before transmitting potentially sensitive voice content to a third-party service. In the context of voice-message automation for Telegram/QQ/OneBot workflows, the content may include personal data, private conversations, or regulated information, so silent exfiltration to an external API creates a real privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.