Back to skill

Security audit

Byted Voice Notify

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for sending Volcengine voice notifications, but it can place real outbound voice notifications without a documented final confirmation step.

Install only if you intentionally want an agent to use your Volcengine account to send voice notifications. Require the agent to confirm the recipient phone number, selected voice resource/content, provider, and cost-sensitive send action before every send, and only use credentials with the minimum Volcengine permissions needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes a Python script that uses environment-stored credentials and performs outbound API calls, yet it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: the skill can access secrets and place network requests without an explicit permission boundary, increasing the chance of unintended execution in a broader context.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger set includes broad phrases such as '发送语音通知' and regex-like patterns that may activate on ordinary conversation, causing the skill to run in contexts where the user did not intend to place an outbound call. Because this skill can contact real phone numbers through a third-party provider, overbroad activation raises the risk of unauthorized or surprising actions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The applicability section describes when to use the skill in a way that is broad and action-oriented, but it does not define clear guardrails such as requiring explicit user authorization for the destination number and message purpose. In this context, ambiguity matters because the skill initiates an external communication action with cost, privacy, and abuse implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says the skill sends voice notifications but does not prominently warn that it places outbound calls/messages to a phone number using a third-party service. Missing disclosure reduces informed consent and can lead users to trigger actions with billing, privacy, or harassment consequences they did not fully understand.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The send operation transmits a phone number to an external cloud API, which is personal data and may be sensitive in some contexts. Without an explicit user-facing disclosure or confirmation step, users may not realize their data is being sent off-platform, increasing privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.