Back to skill

Security audit

Kannaka Radio

Security checks across malware telemetry and agentic risk

Overview

The skill advertises a local radio server, but the packaged launcher runs an unbundled server outside the reviewed skill and the docs mention a built-in Flux token fallback for remote publishing.

Review before installing. Confirm the intended server code and package files are present, make sure the launcher does not execute code outside the skill directory, use your own provider tokens, and keep Flux/WebRTC/live-broadcast features off unless you intend to publish audio or metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions while the documentation clearly describes shell execution (`npm install`, scripts, Node server) and multiple networked features including WebSocket, NATS, Flux, Replicate, and ElevenLabs. This mismatch can mislead users and security controls about the skill's actual capabilities, reducing informed consent and making risky behavior easier to hide.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Claiming `FLUX_TOKEN` has an 'embedded fallback' strongly suggests a hardcoded credential or undocumented default token, which contradicts the earlier model that remote publication occurs only when the environment variable is set. Embedded API tokens are dangerous because they can enable unintended outbound data transmission, credential reuse across installs, and secret disclosure if the skill is shared or inspected.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the skill streams audio to humans and publishes 296-dimensional perceptual vectors to external systems, but it does not warn users about what data is transmitted, where it is sent, or what privacy implications may exist. In a networked, multi-client, WebRTC/NATS-integrated skill, missing disclosure increases the risk of unintended data sharing, especially if live audio, microphone input, listening activity, or generated metadata can leave the local machine or be exposed to other agents.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill documents remote publication to Flux, Replicate, and ElevenLabs but does not clearly foreground the privacy implications of sending track metadata, generated content, or potentially user-derived prompts/state off-host. In this context, the skill handles media, live broadcasting, and consciousness/state data, so weak disclosure increases the risk of unintended data sharing and user surprise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation's statement that `FLUX_TOKEN` has an embedded fallback indicates potentially unsafe credential handling and weak disclosure around remote transmission. If a built-in token exists, users may unknowingly publish data externally without supplying their own credential, and the secret itself may be exposed or abused by anyone with access to the package.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.