Back to skill

Security audit

Voice Notes Pro

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: transcribe WhatsApp voice notes with OpenAI and save categorized Markdown notes locally, with privacy settings users should review.

Install only if you are comfortable sending WhatsApp voice audio to OpenAI for transcription and keeping the resulting text in local Markdown files. Change /root/notes to an appropriate user-owned notes directory if needed, protect the OPENAI_API_KEY, and avoid storing sensitive personal details without consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list includes broad, everyday phrases such as requests to transcribe audio, add tasks, shopping items, ideas, or contact entries, which can cause the skill to activate on routine conversations without sufficiently explicit user intent. In this skill's context, unintended activation is more dangerous because it may send WhatsApp voice content to an external Whisper API and persist the resulting transcription into local note files, creating privacy and data-integrity risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not clearly warn users that WhatsApp voice notes are transmitted to OpenAI's Whisper API and that transcriptions are stored in local Markdown files under the user's notes directory. This omission undermines informed consent and can expose sensitive personal, contact, or task information through third-party processing and local persistence without the user fully understanding the data flow.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
Hardcoding the transcription language to Polish without user opt-in can cause inaccurate transcription for non-Polish audio, leading to misclassification or incorrect entries being written into notes. While this is less severe than direct code execution or exfiltration, the context still matters because bad transcriptions can silently corrupt task lists, people records, shopping lists, and other persisted notes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Audio files are sent to the OpenAI transcription API, which means potentially sensitive voice content leaves the local environment and is processed by a third party. Because the skill provides no user-facing disclosure, consent flow, or configuration gate, users may unknowingly expose personal, confidential, or regulated information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill persists transcribed content, including potentially sensitive personal data, into local Markdown files without warning, classification, or access controls. This creates a privacy and confidentiality risk because users may not realize spoken content is being durably stored and later searchable on disk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "Toniacz",
  "license": "MIT",
  "dependencies": {
    "openai": "^4.28.0"
  }
}
Confidence
81% confidence
Finding
"openai": "^4.28.0"

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.