
Security audit

whisper-transcribe-summarize

Security checks across malware telemetry and agentic risk

Overview

This is a local Whisper transcription helper that discloses its model downloads and its local file outputs, but users should understand that it may write or overwrite transcript files, and that its rewrite/summary behavior is mostly instruction-driven (prompt text for the agent) rather than implemented in the scripts.

Install only if you are comfortable installing openai-whisper and downloading Whisper model files. Choose output paths deliberately: transcript files may overwrite existing files, and they may contain sensitive audio or video content. For strict offline use, download and verify the model in advance, and avoid running the tool anywhere a missing model could trigger a download.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88%
Finding
The documented behavior claims fully offline transcription plus automatic cleaning, rewriting, and summarization, but the analysis indicates that those transformations are not implemented in the scripts, while network model download and translation behavior do exist. This mismatch can mislead users about privacy, data handling, and outputs, so they may run the skill under incorrect assumptions.

Description-Behavior Mismatch

Medium
Confidence
83%
Finding
The skill claims fully offline operation, but whisper.load_model() may download model weights if they are not already present locally. In an environment where users rely on offline-only behavior for privacy or network isolation, this can unexpectedly initiate network access, potentially leaking metadata or violating operational constraints.

Missing User Warnings

Medium
Confidence
84%
Finding
The skill states its output paths and says that cleaned text will overwrite the transcription file, but it does not clearly warn users that execution will create or overwrite files by default. In a file-processing skill, silent overwrites can destroy original outputs or leave it unclear which artifact is authoritative.

Missing User Warnings

Low
Confidence
82%
Finding
The skill automatically generates additional rewritten and summary artifacts unless the user opts out, but this behavior is only mentioned later in the document and is not presented as a prominent warning. Unexpected derivative files spread sensitive transcribed content more widely on disk and surprise users who intended only raw transcription.
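The Overview recommends downloading and verifying the model in advance so that a missing model never triggers a download, and the findings above describe the overwrite and derivative-file risks. The following is an added example of the pre-flight checks a user could run before invoking the skill; it is not code from the skill or from openai-whisper. It assumes openai-whisper's default cache layout (a `whisper` directory under `$XDG_CACHE_HOME` or `~/.cache`, holding `<name>.pt`) and a SHA-256 digest the user has pinned for the model; the model bytes and transcript text in `demo()` are constructed for the example and are not a real checkpoint.

```python
"""Pre-flight checks before running a local Whisper transcription skill:
(1) confirm the model weights are already on disk and match a pinned
SHA-256 before anything that could trigger a download runs, and
(2) refuse to overwrite existing transcript files unless asked to.

Added example; not part of the skill or of openai-whisper.
"""
import hashlib
import os
import pathlib
import tempfile


def default_whisper_root() -> pathlib.Path:
    # Assumption: openai-whisper's default download root, which honours
    # XDG_CACHE_HOME and otherwise falls back to ~/.cache/whisper.
    base = os.getenv("XDG_CACHE_HOME") or os.path.join(os.path.expanduser("~"), ".cache")
    return pathlib.Path(base) / "whisper"


def sha256_file(path: pathlib.Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256; model files are large."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def local_model_path(name: str, root: pathlib.Path, expected_sha256: str) -> pathlib.Path:
    """Return the path of an already-downloaded model, or raise.

    FileNotFoundError means the weights are absent, so the caller must not
    reach whisper.load_model (which would download them). ValueError means
    the on-disk file does not match the pinned digest.
    """
    path = root / f"{name}.pt"  # assumed <root>/<name>.pt layout
    if not path.is_file():
        raise FileNotFoundError(f"model {name!r} not present at {path}; refusing to run")
    actual = sha256_file(path)
    if actual != expected_sha256.lower():
        raise ValueError(f"{path}: sha256 {actual} != pinned {expected_sha256}")
    return path


def write_transcript(path: pathlib.Path, text: str, overwrite: bool = False) -> pathlib.Path:
    """Write a transcript; 'x' mode makes create-if-absent atomic, so an
    existing file is never clobbered unless overwrite=True is explicit."""
    mode = "w" if overwrite else "x"
    with open(path, mode, encoding="utf-8") as f:
        f.write(text)
    return path


def demo() -> dict:
    """Exercise the checks against constructed inputs in a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        weights = b"constructed fake weights, not a real Whisper checkpoint"
        (root / "base.pt").write_bytes(weights)
        pinned = hashlib.sha256(weights).hexdigest()

        results["present_and_verified"] = local_model_path("base", root, pinned) == root / "base.pt"
        try:
            local_model_path("base", root, "0" * 64)  # wrong pin: tampered or swapped file
            results["tampered_detected"] = False
        except ValueError:
            results["tampered_detected"] = True
        try:
            local_model_path("tiny", root, pinned)  # never downloaded: must not proceed
            results["missing_refused"] = False
        except FileNotFoundError:
            results["missing_refused"] = True

        out = root / "meeting.txt"
        write_transcript(out, "first transcript\n")
        try:
            write_transcript(out, "clobber\n")  # default run must not overwrite
            results["overwrite_refused"] = False
        except FileExistsError:
            results["overwrite_refused"] = True
        results["original_kept"] = out.read_text(encoding="utf-8") == "first transcript\n"
        write_transcript(out, "replaced\n", overwrite=True)  # explicit opt-in
        results["explicit_overwrite"] = out.read_text(encoding="utf-8") == "replaced\n"
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

Only once `local_model_path()` returns should the skill call `whisper.load_model(name, download_root=str(root))`; the pinned digest can be read from the model's download URL in the openai-whisper source, which embeds it, and the library only checks that digest after a download (a local file that fails the check is re-downloaded), so verifying before `load_model` is what actually prevents network access in an offline deployment. Apply the same `write_transcript` path to the rewritten and summary artifacts so that derivative files are never created silently over existing ones.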

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.