Walkie-Talkie Mode

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it turns WhatsApp voice notes into local text for the agent and replies with local text-to-speech audio.

Install only if you are comfortable with WhatsApp voice messages being transcribed and processed by the agent, and with the agent sending both text and voice-note replies. Verify that the referenced local transcription and TTS tools are trusted before enabling it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill automatically transcribes incoming WhatsApp voice messages and processes their contents, but the description does not warn users that their audio will be converted to text and handled by the system. In a messaging context, voice notes often contain sensitive personal, financial, or health information, so silent transcription creates a meaningful privacy and consent risk even if processing is local.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal