Back to skill

Security audit

Voicenotes

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches Voicenotes data with a user token and can save transcripts and summaries as local markdown files.

Install only if you are comfortable giving the skill a Voicenotes access token and saving local copies of your notes. Keep VOICENOTES_TOKEN out of logs, screenshots, shell history, dotfiles, and repositories, and sync into a private directory that is excluded from public version control or shared backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises and relies on shell execution but does not declare permissions, which weakens transparency and any permission-gating the platform may apply. In a skill that handles account tokens and private note data, undeclared shell capability increases the chance of unexpected command execution against sensitive local and remote resources.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description states that the skill retrieves voice recordings, transcripts, and AI summaries, all of which are privacy-sensitive, but gives no user-facing warning about handling personal data. This can lead users to invoke the skill without understanding that highly sensitive content may be accessed, processed, and exposed in the workspace.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup instructs users to export a long-lived access token but does not warn that the token grants account access and must be protected from logs, shell history, screenshots, and shared environments. Exposure of this credential would allow unauthorized access to the user's Voicenotes data and associated API operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown sync workflow writes transcripts and AI summaries to local files without warning that private content will be persisted in the workspace, potentially copied into backups, version control, search indexes, or shared folders. Because transcripts may contain highly sensitive spoken information, silent local persistence materially increases exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.