Back to skill

Security audit

Walkie-Talkie Mode

Security checks across malware telemetry and agentic risk

Overview

This skill clearly describes a local WhatsApp voice-message transcription and voice-reply workflow that matches its stated walkie-talkie purpose.

Install this only if you want WhatsApp voice notes transcribed and handled as prompts, with replies sent as generated audio. Because spoken messages may include private information, make sure participants are comfortable with local transcription and automated voice replies before using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is designed to automatically transcribe incoming WhatsApp voice messages and process them as prompts, but the user-facing description does not clearly warn users that their audio content will be converted to text and handled by the agent. This creates a privacy and consent problem because users may reasonably expect voice notes to be treated differently from text, especially when sensitive or personal information may be contained in audio.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.