Back to skill

Security audit

Doubao ASR / 豆包语音转写

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends user-provided audio to Volcengine/Doubao for transcription, with no evidence of hidden exfiltration or destructive behavior.

Before installing, understand that audio content will be processed by Volcengine/Doubao, and local files will be uploaded to your configured TOS bucket. Use a dedicated bucket, least-privilege credentials, and a retention or deletion policy for sensitive recordings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises a direct-URL transcription mode without warning users that the audio content will be fetched and then processed by external infrastructure, potentially exposing sensitive recordings to third-party services or unintended network locations. In an audio-transcription skill, users may reasonably assume local-file handling semantics unless data flows and privacy implications are clearly disclosed.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The guidance explicitly instructs maintainers to keep a bilingual Chinese/English style consistent, which can override or constrain the assistant's normal behavior even when a user did not request bilingual output. This is not a classic security exploit, but it is a real prompt-quality and policy-control issue because it may cause unnecessary disclosure, confusion, or mismatch with user intent across interactions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:191