Back to skill

Security audit

Voice Agent

Security checks across malware telemetry and agentic risk

Overview

This is a small voice I/O client whose file and network behavior matches its stated purpose, though users should understand that text-to-speech may involve AWS Polly.

Install this only if you trust the separate backend you run on localhost:8000. Use deliberate audio input files and safe output paths, and avoid sending secrets, regulated data, or highly private text to speech synthesis unless you are comfortable with the backend and AWS Polly handling that text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents network-dependent behavior but declares no permissions, which undermines transparency and security review. It connects to a local backend at localhost:8000 and also references AWS Polly, so users and enforcement systems may not understand the actual data flows or trust boundaries.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation says the skill is 'client-only' and frames it as local voice I/O, but TTS is performed via AWS Polly, which is a remote cloud service. This can mislead users into believing all processing is local when response text may be transmitted off-host, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not warn users that text supplied for synthesis may be sent to AWS Polly, which is a third-party service. In a voice interaction workflow, responses may contain sensitive or regulated information, so the missing disclosure increases the chance of inadvertent data exfiltration.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.