妙达语音转文字

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only speech-to-text helper, with privacy caveats because it sends user-chosen audio to an external CLI workflow.

Install only if you trust or can verify `miaoda-studio-cli`. Use it on audio files you are authorized to transcribe, and avoid confidential recordings unless you understand where the CLI processes the audio and how transcripts are retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list contains very broad terms such as 'transcribe', 'speech to text', and common Chinese equivalents that can match many ordinary user requests. This can cause the skill to activate too readily, leading users to route audio content into a transcription workflow without clear intent confirmation, which increases the chance of accidental processing of sensitive data.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to upload or process audio for transcription but provides no warning that recordings may contain personal, confidential, or regulated information. In this context, speech-to-text is inherently privacy-sensitive because meeting recordings, interviews, and voice notes often include names, credentials, business secrets, or other sensitive content, so omission of a privacy notice materially increases misuse risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal