Security audit

Voice Meme Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward SenseAudio text-to-speech helper that sends chosen text to SenseAudio and saves the returned audio as an MP3.

Install only if you intend to use SenseAudio for text-to-speech. Avoid submitting secrets, private personal data, or regulated content unless you are comfortable sending it to SenseAudio, and use a dedicated API key with quota controls where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill sends user-provided text to a third-party TTS API and writes the returned audio to a local MP3 file, but the surrounding documentation does not clearly warn users about either the external transmission or local persistence. This is a real privacy/transparency issue because users may provide sensitive text without realizing it leaves the local environment and is stored on disk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.