Back to skill

Security audit

Fieldy AI Webhook

Security checks across malware telemetry and agentic risk

Overview

This skill performs the Fieldy webhook integration it describes, but it stores raw voice transcript text locally more broadly than the documentation clearly discloses.

Install only if you are comfortable with Fieldy transcript text being stored in plaintext under the workspace. Before use, consider editing src/fieldy-webhook.js to disable logging, log only metadata, redact sensitive content, or add retention cleanup. Use a strong webhook token, prefer Authorization headers over query-string tokens where possible, and limit the authority of the Fieldy agent that authenticated webhook requests can trigger.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill does more than a webhook transform: it persistently stores full transcript content to workspace files. This creates an unnecessary data retention surface for potentially sensitive voice input, increasing the chance of later disclosure through logs, backups, repository inclusion, or other workspace access.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The workspace discovery logic expands the skill's reach beyond simple message transformation and enables writing data into whichever directory is detected as the workspace. In this context, that capability is risky because webhook-supplied transcript content is later persisted locally, and the manifest does not clearly justify or disclose this storage behavior.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states that transcripts without the wake word are logged to JSONL files under the workspace, but it does not warn users about retention, sensitivity, or privacy implications. Because webhook transcripts can contain personal, confidential, or regulated data, silent logging increases the risk of unintended disclosure, over-retention, and insecure local storage.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Transcript text is written to disk without any user-facing disclosure or consent mechanism, even though voice transcripts commonly contain sensitive personal or operational information. Silent persistence increases privacy and compliance risk because users and operators may reasonably expect a transform hook to process data ephemerally.

Ssd 3

Medium
Confidence
95% confidence
Finding
The code stores full natural-language transcriptions in plain form in daily JSONL files, which can expose secrets, personal data, or confidential spoken instructions to anyone with workspace or backup access. Because the content is human-readable and retained over time, the leak impact is materially higher than minimal telemetry or aggregated logs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.