Voice Memo
Security checks across malware telemetry and agentic risk
Overview
This voice memo skill fits its stated purpose overall, but it depends on a missing local script and includes under-scoped recurring reminder behavior, so it should be reviewed before use.
Install only if you can verify the missing voice_memo.js implementation, where memo data is stored, how to delete or redact saved transcripts, and how to turn off daily threads and reminders. Avoid storing confidential meeting, client, health, or personal information until those controls are clear.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.