Back to skill

Security audit

Voicescope Voc Deep Insight

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent VoiceScope cloud-analysis helper that uploads user-selected feedback data for remote VOC processing, with disclosed login and confirmation steps.

Install only if you intend to use VoiceScope as a cloud service for customer-feedback analysis. Preview files first, confirm the exact text column, remove unnecessary PII or confidential columns before upload, and use logout or protect ~/.voicescope/auth.json on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to execute local Python scripts that read user files, write outputs, access environment variables, persist auth tokens, and make network requests, yet it declares no permissions. That mismatch undermines informed consent and sandbox policy enforcement: users and the platform cannot accurately assess that the skill will upload local data and store credentials locally before use.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation text uses very broad natural-language triggers such as generic requests about sentiment, keywords, summaries, classification, and feedback analysis. This can cause the skill to activate in contexts where users did not intend external upload/processing, increasing the chance of accidental routing of sensitive datasets into a networked workflow with billing and persistence implications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The login section documents saving tokens to ~/.voicescope/auth.json and using an environment API key, but it does not present a clear user-facing warning about credential persistence, local storage sensitivity, or operational security expectations. In shared machines or multi-user environments, this raises the risk of token exposure and unauthorized reuse, especially because the skill also supports browser-based auth and automatic token reuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The generate command reads local file contents and sends extracted text rows to the remote /taxonomies/generate API, but the command flow does not present a clear just-in-time disclosure that local customer feedback data will leave the machine and be processed by a remote service. For a VOC analysis skill handling potentially sensitive complaints or survey text, this can cause unintended external disclosure of personal, confidential, or regulated data if the operator assumes processing is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The upload command transmits the full parsed table, including all columns and rows, to the /tables/import API with no explicit disclosure at the point of use. Because this skill is designed for bulk customer-feedback analysis, datasets may contain PII, internal notes, or sensitive business data, making silent bulk upload a real privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The extract-viewpoints workflow triggers remote processing on table text via /viewpoints/extract without a just-in-time warning that user content already uploaded to the platform will be sent for AI analysis. Even if the table is already server-side, users may not expect additional processing of potentially sensitive feedback text unless the command explicitly states it.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The analyze command submits a selected table column for remote AI processing through /analysis, but the CLI does not explicitly warn the operator at execution time. In this skill's context, the analyzed text is customer feedback and may contain personal or confidential information, so undisclosed remote processing presents a genuine privacy/compliance issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.