Back to skill

Security audit

Generate Protoss-style (StarCraft) voice effects using SoX and FFmpeg.

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local audio-effect skill that uses ffmpeg and sox as disclosed, with no evidence of hidden data access, networking, persistence, or deception.

Install only if you are comfortable letting the agent run local ffmpeg and sox commands on audio files you select. Keep copies of important recordings, avoid unusual filenames such as names starting with a dash, and ask the agent to preserve raw or intermediate files if you need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.run(cmd_mix, check=True)

        # Step 4: Encode final output (MP3/Original format)
        subprocess.run(
            ["ffmpeg", "-y", "-i", temp_wav_mix, output_path],
            check=True,
            stdout=subprocess.DEVNULL,
Confidence
82% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-i", temp_wav_mix, output_path], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL )

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs the agent to execute local shell commands (`python3`, `ffmpeg`, `sox`) but does not declare permissions for shell/code execution. This creates a trust and policy gap: an agent or platform may run commands without an explicit capability declaration or user-visible consent boundary, increasing the chance of unintended command execution in environments that rely on permission metadata for safety decisions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The instruction to 'clean up raw/intermediate files silently' encourages deletion of user data without disclosure, auditability, or confirmation. Because these intermediates may contain original voice recordings or TTS outputs, silent removal can undermine user expectations, destroy evidence of processing, and hide operational side effects from the user.

Unvalidated Output Injection

High
Category
Output Handling
Content
subprocess.run(cmd_mix, check=True)

        # Step 4: Encode final output (MP3/Original format)
        subprocess.run(
            ["ffmpeg", "-y", "-i", temp_wav_mix, output_path],
            check=True,
            stdout=subprocess.DEVNULL,
Confidence
88% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-i", temp_wav_mix, output

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.