Walkie-Talkie Mode

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide local walkie-talkie style voice transcription and speech replies, with no evidence of hidden network sharing or persistence.

Before installing, be aware that voice messages may be transcribed and transformed into audio replies locally. Use it only with audio you are comfortable processing on your machine, and review any generated reply before sending if your client supports that workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill is designed to automatically process incoming voice messages and generate outbound audio replies, but it does not disclose this behavior or warn users that their audio will be transcribed and transformed into responses. This creates a transparency and consent problem, especially for voice data, which may contain sensitive personal information and could lead users to share content they would not have sent if they understood the automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal