Metatron Voice

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed Discord meeting workflow with user-controlled recording and Jira approval steps, though users should handle meeting consent and stored transcripts carefully.

Install this only for teams that intentionally want Discord meeting recording and follow-up automation. Notify participants and obtain consent where required, restrict access to the meetings directory, define retention/deletion practices for recordings and transcripts, and review generated Jira tasks before approving and pushing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly guides users to record Discord voice conversations and later push generated tasks into Jira, but it provides no warning about consent, privacy obligations, data retention, or the risk of creating external side effects in connected systems. In a meeting-recording workflow, omission of these warnings can lead to unauthorized recording, disclosure of sensitive discussion content, and accidental creation of Jira artifacts based on unreviewed or mis-transcribed content.

VirusTotal

66/66 vendors flagged this skill as clean.
