中文音频批量转文字

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local Chinese audio/video transcription helper with normal setup, cache, and file-writing risks to review before use.

Before installing, review the remote install commands and download sources, edit the hard-coded paths in batch_transcribe.py, run it only on media folders where creating .txt transcript files is intended, and inspect cache directories before using the cleanup commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes irreversible cache-deletion commands using recursive removal, but does not clearly warn that these commands permanently delete local data. While the paths appear scoped to application caches, users may still lose downloaded models and cached assets unexpectedly, especially if they copy the commands without understanding them.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal