Back to skill

Security audit

Voice Note Transcriber

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it reads matching email voice-note attachments, sends them to OpenAI for transcription, and saves transcripts to Obsidian, with sensitive but disclosed data flows.

Install only if you are comfortable giving the skill mailbox access and sending matching audio attachments to OpenAI. Use an app-specific email password, narrow the subject keyword or use a dedicated mailbox, consider setting MARK_EMAIL_READ=false for the first run, and treat generated Obsidian transcripts as unreviewed content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends email-derived audio attachments to the OpenAI Whisper API, but the description does not prominently warn users that potentially sensitive email content leaves their mailbox and is transmitted to a third party. This can lead to unintentional disclosure of private or regulated data because users may assume transcription occurs locally.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill can mark processed emails as read, which modifies mailbox state and may interfere with user workflows, auditing, or downstream automations. Although the behavior is mentioned as optional, the documentation does not clearly emphasize this side effect as an operational risk before execution.

Missing User Warnings

High
Confidence
95% confidence
Finding
Audio attachments from email are sent to the OpenAI Whisper API, which is an external third party, without any explicit consent flow, warning, or policy gate in the script. In this skill context, the inputs may contain highly sensitive voice content from email, so silent external transmission materially increases privacy and data-exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.