Walkie-Talkie Mode

Security checks across malware telemetry and agentic risk

Overview

This skill’s local voice transcription and reply workflow matches its WhatsApp walkie-talkie purpose, with no evidence of hidden exfiltration or destructive behavior.

Install only if you want WhatsApp voice messages processed locally for automated voice-style replies. Be mindful that spoken content may be transcribed into temporary local files, and consider telling conversation participants before using an automated walkie-talkie mode.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill automatically transcribes incoming WhatsApp audio and generates voice responses without describing any user-facing notice, consent, or privacy warning. This is risky because users may not understand that voice messages are being processed automatically, potentially exposing sensitive spoken content and creating unexpected automated replies in a messaging channel.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal