Ntriq X402 Audio Intel Batch

Security checks across malware telemetry and agentic risk

Overview

This is a small paid transcription skill that clearly uses a remote API, but users should treat submitted audio URLs and transcripts as shared with the provider.

Install only if you are comfortable paying $9 USDC per call and sending the listed audio URLs, fetched audio, and resulting transcripts to ntriq's remote service. Do not submit confidential, regulated, or private recordings unless you have authorization and are comfortable with the provider's privacy and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill sends user-supplied audio URLs and receives transcription content from a remote third-party service, but it does not clearly warn users that potentially sensitive audio and derived text leave the local environment. This can lead to unintended disclosure of confidential call recordings, PII, or regulated data, especially because the feature is explicitly marketed for bulk processing of up to 500 files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal