transcribe-he

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it sends chosen media or URLs to TextOps and saves transcript files locally.

Install only if you are comfortable sharing the recordings, links, filenames, job IDs, and resulting transcript content with TextOps for processing. Avoid private or tokenized URLs unless necessary, keep TEXTOPS_API_KEY in an environment variable rather than chat or files, and delete or secure generated transcript files when the audio is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation text uses very broad trigger phrases, always triggering on generic requests such as 'I want to transcribe this file' or 'תמלל את זה', which can cause accidental activation on ambiguous attachments or ordinary conversation. Because the skill performs external transmission and local file writes, false activations can unintentionally send private media to a third-party API.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill states that transcripts are automatically saved as JSON and TXT files next to the original file or in the current directory, but the description does not prominently warn users beforehand that artifacts will be written to disk. This can expose sensitive transcription content on shared systems, synced folders, or insecure working directories without informed consent.

Missing User Warnings

High
Confidence: 98%
Finding
The skill description says it transcribes using the TextOps API but does not clearly warn that local files or URLs are sent to external services for processing, including a probe step for URLs and remote job handling. This is especially risky because users may provide sensitive audio or video without realizing that content and metadata leave the local environment.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill uploads local media or submits remote media URLs to a third-party transcription provider, but the script itself does not present a clear consent or privacy warning at the point of transmission. In an agent skill context, users may reasonably assume local processing, so silent transfer of potentially sensitive audio/video can expose confidential content, metadata, and linked resources to an external service.

VirusTotal

67/67 vendors flagged this skill as clean.
