Security audit

Voice Translator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent voice-translation skill, but users should know that speech, transcripts, and saved phrases may involve external services or local storage.

Install only if you are comfortable sending recorded speech, transcripts, and translated text to SenseAudio and any LLM provider you connect. Protect the SENSEAUDIO_API_KEY, review provider privacy terms before using it for sensitive conversations, and avoid saving favorites on shared or synced devices unless you are comfortable with those phrases remaining on disk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill sends recorded speech and generated text/audio to remote third-party APIs, yet the documentation does not clearly warn users that potentially sensitive voice content leaves the local device. In a voice translation context, users may transmit personal, travel, medical, or financial information without informed consent, increasing privacy and compliance risk.

Missing User Warnings

Low

Confidence: 77% confidence
Finding: The skill persists translated phrases and metadata to local JSON files without clearly warning users. While local storage is expected for a favorites feature, saved travel/medical phrases can still contain sensitive personal content and may remain on shared systems longer than users realize.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal