Openai Whisper Api

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward transcription skill that uploads a chosen audio file to OpenAI and writes the transcript to a chosen local output file.

Install only if you are comfortable sending the selected audio file to OpenAI for transcription and using your OPENAI_API_KEY. Choose the --out path deliberately, because the script will overwrite a writable file at that location.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill sends user-provided audio files to OpenAI's external transcription API, but the description does not clearly warn users that file contents leave the local environment. This can lead to unintended disclosure of sensitive voice recordings, personal data, or confidential meeting content because users may assume processing is local from the brief description alone.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal