Ai Voice Cloning

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AI voice-generation helper, but users should understand that voice/text/media inputs go to inference.sh and the CLI install uses a remote shell script.

Install only if you trust inference.sh and are comfortable reviewing or manually installing its CLI. Do not submit private scripts, regulated data, unconsented voice samples, portraits, or videos unless you have permission and accept the provider’s data handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill repeatedly instructs users to submit text and remote audio/image/video URLs to external inference services without a clear, prominent disclosure of data egress and third-party processing. This creates privacy and compliance risk because users may unknowingly transmit sensitive script content, voice samples, portraits, or media URLs to an external platform.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal