Back to skill

Security audit

SenseVoice Transcribe

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local transcription skill with documented optional webhook notifications and transcript replacement behavior that users should handle carefully.

Install only if you are comfortable with the Python ML dependencies and model downloads. Run --dry-run before batch work, use --force-dates only when you intend to replace existing transcript outputs, and only pass a Discord webhook when sharing progress metadata such as dates, counts, and possible failure filenames with that Discord endpoint is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill is presented as a local transcription utility, but the documented behavior includes shell execution, file writes, and network use without any declared permissions or clear boundary-setting. This increases the chance that an agent or user will invoke it with broader capabilities than expected, especially because it can write outputs, fetch models, and send webhook traffic.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose says this skill transcribes audio with SenseVoice, but the behavior also includes an alternate Whisper engine, outbound Discord notifications, progress-file writing, and deletion of existing transcripts via --force-dates. This mismatch is dangerous because users and orchestration systems may trust a narrower description and unknowingly permit data exfiltration or destructive actions outside the stated scope.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Discord webhook notifications are not necessary for transcription itself and introduce an outbound communication channel from a skill that otherwise appears local. Even if only progress metadata is sent, this creates privacy and exfiltration risk, particularly in batch workflows involving sensitive recordings or filenames.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script includes outbound Discord webhook notifications even though the skill is described as a local transcription tool. This can exfiltrate operational metadata such as filenames, dates, progress state, and failure details to an external service, violating least privilege and user expectations.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Accepting an arbitrary --discord-webhook URL creates a broad outbound network capability unrelated to core transcription. In a higher-privilege agent environment, this can be abused to send internal file metadata or processing status to attacker-controlled endpoints if the argument is influenced by untrusted input.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents outbound Discord webhook usage without a user-facing privacy warning, despite handling audio-derived transcripts, filenames, dates, and progress metadata that may reveal sensitive information. Users could enable this feature without understanding that data about private recordings may leave the local environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The webhook messages transmit transcription status and specific filenames externally without strong user-facing disclosure. Because audio filenames and processing dates can reveal sensitive personal or business information, this behavior creates a privacy and data-leak risk in a skill whose purpose suggests local processing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.