Telnyx Stt

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends a user-selected audio file to Telnyx for transcription using a Telnyx API key.

Install only if you are comfortable sending selected audio files to Telnyx for processing. Avoid passing confidential recordings or non-audio files, and use a revocable Telnyx API key with account limits if cost or provider access matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 96%

Finding: The usage and description text explain transcription but omit a clear warning that user-provided audio is transmitted to a third-party service for processing. This is a privacy and data-governance risk because users may supply sensitive recordings without realizing the content leaves the local environment.

Missing User Warnings

Medium
Confidence: 88%

Finding: The script sends the full contents of a local audio file to Telnyx's external transcription API, but the CLI provides no explicit runtime notice, consent prompt, or data-handling warning beyond a generic description. In an agent-skill context, this can cause users or upstream tools to unknowingly exfiltrate sensitive voice data, making the privacy risk real even if the behavior is functionally required.

VirusTotal

64/64 vendors flagged this skill as clean.