audio-audit-skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its setup check prints the SenseAudio API key in the clear, and it sends potentially private audio to a third-party ASR service without strong warnings or consent controls.

Review before installing. Do not let the agent print your `SENSEAUDIO_API_KEY`; replace that check with a redacted presence test that reports only whether the variable is set. Only process recordings you are authorized to upload to SenseAudio, avoid pointing batch runs at broad directories that contain private media, and restrict access to or delete generated transcripts and audit reports after use, since they carry the transcribed speech in plain text.
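The three mitigations above (a redacted presence test for the key, a scope gate for batch uploads, and owner-only report files), written out as an added shell example. This is not the skill's own code; the variable name `SENSEAUDIO_API_KEY` comes from the review, while the function names, the "allowed root" convention for batch runs and the sample directory layout are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example, not the audio-audit-skill's own code. SENSEAUDIO_API_KEY is
# the variable named in the review; the function names and the allowed-root
# convention are assumptions for illustration.

# Report whether the key is set without ever echoing its value. Prints one
# line ("present" with the length, or "missing") and returns 0 if set, 1 if
# not. Only the length is disclosed, so nothing secret lands in agent logs.
senseaudio_key_status() {
    if [ -n "${SENSEAUDIO_API_KEY:-}" ]; then
        printf 'SENSEAUDIO_API_KEY: present (%s chars, value redacted)\n' \
            "${#SENSEAUDIO_API_KEY}"
        return 0
    fi
    printf 'SENSEAUDIO_API_KEY: missing\n'
    return 1
}

# Return 0 only if FILE is a regular, non-symlink file whose canonical
# directory lies inside ALLOWED_ROOT. Directories are canonicalised with
# `pwd -P` so a symlinked directory cannot escape the root, and symlinked
# files are rejected outright so a link dropped into the allowed tree cannot
# pull private media in from elsewhere.
audit_upload_allowed() {
    _file=$1
    _root_arg=$2
    if [ -L "$_file" ]; then return 1; fi
    [ -f "$_file" ] || return 1
    _root=$(cd "$_root_arg" 2>/dev/null && pwd -P) || return 1
    _dir=$(cd "$(dirname "$_file")" 2>/dev/null && pwd -P) || return 1
    case "$_dir/" in
        "$_root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the subset of the given files that pass the gate, one per line, and
# return 1 if anything was rejected, so a batch run stops for review instead
# of silently uploading part of a directory the user never meant to share.
audit_batch_filter() {
    allowed_root=$1
    shift
    rejected=0
    for f in "$@"; do
        if audit_upload_allowed "$f" "$allowed_root"; then
            printf '%s\n' "$f"
        else
            printf 'refused (outside %s or not a regular file): %s\n' \
                "$allowed_root" "$f" >&2
            rejected=1
        fi
    done
    return $rejected
}

# Write report text from stdin to PATH readable only by the owner, so a
# transcript or audit report does not become a world-readable secondary
# data store. The chmod covers the case where PATH already existed.
write_audit_report() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

# Demonstration on a constructed layout (sample files created here, then
# removed): one approved recording, one private recording outside the
# approved tree, and a symlink from the approved tree to the private file.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/approved" "$demo_root/private"
: > "$demo_root/approved/standup.wav"
: > "$demo_root/private/hr-interview.wav"
ln -s "$demo_root/private/hr-interview.wav" "$demo_root/approved/link.wav"
senseaudio_key_status || true
audit_batch_filter "$demo_root/approved" \
    "$demo_root/approved/standup.wav" \
    "$demo_root/private/hr-interview.wav" \
    "$demo_root/approved/link.wav" \
    || echo 'batch refused: review the rejected paths before uploading' >&2
printf 'flagged segments: none\n' | write_audit_report "$demo_root/report.txt"
rm -rf "$demo_root"
```

In the demonstration only `standup.wav` is accepted; the private recording is refused because it is outside the approved root, and `link.wav` is refused because it is a symlink, even though it sits inside the approved tree. The gate enforces scope, not consent: it does not replace a clear warning to the user that whatever passes it will leave the machine for SenseAudio.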

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 97%
Finding: The skill invokes shell commands, reads environment variables, accesses files, writes reports, and calls an external ASR service, but it does not declare these capabilities or permissions. This creates a transparency and consent gap: users and the host agent may not realize that local media files, transcripts, and API-backed network requests are involved, increasing the risk of unintended data exposure.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The README promotes auditing internal meetings and sending audio for ASR/transcription without clearly warning that highly sensitive speech content may be transmitted to an external service and converted into persistent text. In a security-sensitive enterprise setting, this can lead to unintended disclosure of confidential, personal, or regulated information due to user misunderstanding rather than an explicit technical safeguard.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: Batch processing plus structured report generation increases the chance that large volumes of sensitive transcriptions, flagged segments, and metadata will be stored in outputs without users appreciating the sensitivity of those artifacts. This is especially risky for moderation and audit workflows because reports can become a secondary data store containing confidential or regulated content.

Vague Triggers
Severity: Medium
Confidence: 88%
Finding: The trigger phrases are broad, everyday requests such as auditing audio or checking a video, without guardrails on scope, data sensitivity, or when external processing should be avoided. This can cause the skill to activate in contexts involving private meetings, confidential recordings, or regulated content, leading to over-collection and transmission of sensitive media.

Missing User Warnings
Severity: High
Confidence: 99%
Finding: The skill description does not warn users that audio/video files and derived transcripts may be transmitted to an external ASR provider and may contain highly sensitive personal, corporate, or regulated information. In an audio-audit context, this omission is especially dangerous because recordings often include biometrics, names, conversations, and other private content that users may assume remains local.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The guide explicitly describes uploading/transcribing user audio and video through a third-party ASR service, but it does not warn users that potentially sensitive content may leave the local machine or be processed by an external provider. In an auditing tool, this omission is security-relevant because users may submit meetings, livestreams, or private recordings containing personal, confidential, or regulated data without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.