Voice Reply Mode

Security checks across malware telemetry and agentic risk

Overview

The skill appears low risk; the only notable issue is a fixed Chinese voice/locale default that may not match every user’s preference.

Before installing, check whether you want this skill to default to Chinese voice/locale settings. If you use another language, configure the voice or ask the agent to confirm language and voice before producing audio.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill hard-codes a Chinese locale/voice as the default and instructs agents to use it without any user opt-in or preference check. This can override user expectations, create deceptive or unsuitable voice output, and may introduce privacy, accessibility, or policy issues in multilingual environments where language selection should be explicit.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal