Back to skill

Security audit

Crazyrouter Stt

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it transcribes user-selected audio or video by sending it to the Crazyrouter API, but users should treat recordings as externally processed data.

Install only if you are comfortable sending selected audio or video files to Crazyrouter for transcription or translation. Avoid confidential meetings, medical or legal recordings, and proprietary media unless the provider's privacy and retention terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user-provided audio/video to an external third-party service (Crazyrouter) for transcription, but the description does not clearly disclose this data transfer. That omission can mislead users into sharing sensitive recordings under the assumption processing is local or first-party, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill reads a local audio file and uploads its contents to a third-party endpoint, but the code provides no explicit consent prompt or strong warning at the point of transmission. Because audio and video often contain sensitive personal or business information, users may unintentionally exfiltrate confidential data when invoking the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/main.mjs:6