Back to plugin

Security audit

Voxtral Speech

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Mistral/Voxtral speech plugin, with no unrelated credential or system access apparent from the provided files.

Before installing, understand that text sent for speech synthesis and audio sent for transcription will be sent to Mistral using your Mistral API key, or to whatever custom base URL you configure. The main caveat is that the provided evaluation data omits/truncates some source and built files, so a full source review would increase confidence, but the visible behavior is internally consistent with a Voxtral/Mistral speech integration.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/speech-provider.js:50
Evidence
apiKey: [REDACTED]({

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/transcription-provider.js:81
Evidence
apiKey: [REDACTED]({

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/speech-provider.ts:397
Evidence
apiKey: [REDACTED]({

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/transcription-provider.ts:128
Evidence
apiKey: [REDACTED]({