Back to skill

Security audit

Beep - Xiao Laba

Security checks across malware telemetry and agentic risk

Overview

This is a real voice announcement tool, but it tries to make spoken updates mandatory and persistent across future agent sessions, with announcement text going through an online TTS dependency.

Install only if you intentionally want always-on spoken agent status updates. Before installing, review or remove the proposed edits to global agent instruction files and session hooks, avoid using it for confidential work unless announcements are generic or local-only, and consider pinning dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This skill asks the installer to modify multiple high-authority workspace governance files so its behavior becomes mandatory across the agent, far beyond a normal audio helper. Embedding its rules into AGENTS.md, MEMORY.md, IDENTITY.md, TOOLS.md, and USER.md creates persistent instruction injection and can override future agent behavior in unrelated tasks.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The '防遗忘机制' adds session hooks, bootstrap loading, and startup checks designed to programmatically enforce the skill on every session. This persistence mechanism is dangerous because it establishes durable control over agent behavior and expands the skill from a utility into a cross-session policy injector.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The helper sends announcement text to edge-tts without any user-facing warning, consent, or data-classification guard. In an agent context, messages may contain prompts, task details, secrets, or personal data; converting them through a TTS backend can expose sensitive content outside the local trust boundary.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Beep - Small speaker requirements
edge-tts>=7.2.8
pygame>=2.6.1
Confidence
96% confidence
Finding
edge-tts>=7.2.8

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Beep - Small speaker requirements
edge-tts>=7.2.8
pygame>=2.6.1
Confidence
96% confidence
Finding
pygame>=2.6.1

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.