Chatbot

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SenseAudio voice-chatbot integration guide, with expected external voice-session and API-key handling that users should treat as sensitive.

Before installing or using this skill, confirm you are comfortable sending voice interactions and session metadata to SenseAudio, keep the API key and session tokens server-side, avoid logging tokens or conversation IDs unnecessarily, and obtain user consent where voice or emotion-processing data may be involved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly enables real-time voice dialogue, multi-turn conversations, and analytics, but it does not warn users that audio, conversation identifiers, room IDs, and related metadata are sent to a third-party external service. This creates a transparency and privacy risk because developers may integrate it without informing end users or assessing whether sensitive voice content is leaving their environment.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal