Local Whisper (cpp)
Security checks across malware telemetry and agentic risk
Overview
This skill is a small local speech-to-text wrapper, with the main caution being a manual model download into a system directory.
Install this if you want local Whisper transcription and trust your whisper-cli installation. Before running the setup command, consider verifying the Hugging Face model source and checksum, and be aware that writing to /usr/share may require elevated local permissions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.