Azure Ai Voicelive Py

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Azure voice SDK skill whose sensitive audio and credential use is expected for its stated purpose.

Install only if you intend to build an Azure-hosted voice application. Use least-privilege Azure credentials, avoid hardcoding API keys, obtain consent before recording or streaming speech, minimize sensitive spoken data, and review any real function or MCP tools before letting model-selected calls perform actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to capture microphone audio and handle transcription events, but it does not clearly disclose that raw spoken audio and derived transcripts are transmitted to Azure's cloud service for processing. In a voice/streaming SDK skill, that omission can cause accidental exposure of sensitive spoken data, especially in environments where users may assume local-only processing.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal