Trust Assessment
voice-agent received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 4 high, 1 medium, and 0 low severity. Key findings include "Suspicious import: urllib.request", "Potential data exfiltration: file read + network send", and "Excessive file system permissions via arbitrary file read".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send. Function 'transcribe' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/ricardotrevisan/voice-agent/scripts/client.py:70 |
| HIGH | Potential data exfiltration: file read + network send. Function 'synthesize' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/ricardotrevisan/voice-agent/scripts/client.py:111 |
| HIGH | Excessive file system permissions via arbitrary file read. The skill's `transcribe` tool allows the AI agent to read from an arbitrary file path on the host system. The tool definition in `SKILL.md` shows that the `transcribe` command takes a user-specified file path (e.g., `/path/to/audio/file.ogg`) as input. The underlying `scripts/client.py` then opens and reads the content of this file. This capability enables potential unauthorized reading of sensitive files (e.g., configuration files, user data, SSH keys) from the system where the agent is running. While the `client.py` script itself only sends the file content to `localhost:8000`, the ability to read arbitrary files means the LLM could be prompted to reveal their contents, leading to data exfiltration. Restrict file operations to a dedicated, sandboxed directory. Implement strict path validation and sanitization to prevent directory traversal attacks (e.g., `../`). Consider using a file picker mechanism or temporary file system for user-provided input files instead of allowing arbitrary file paths. | LLM | SKILL.md:30 |
| HIGH | Excessive file system permissions via arbitrary file write. The skill's `synthesize` tool allows the AI agent to write to an arbitrary file path on the host system. The tool definition in `SKILL.md` shows that the `synthesize` command takes a user-specified output file path (e.g., `/path/to/output.mp3`). The underlying `scripts/client.py` then writes the synthesized audio content to this specified path. This capability enables unauthorized writing to arbitrary locations, which could lead to data corruption, denial of service (e.g., filling up disk space), or even privilege escalation if critical system files or user startup scripts are overwritten (depending on the agent's execution permissions). Restrict file operations to a dedicated, sandboxed directory. Implement strict path validation and sanitization to prevent directory traversal attacks (e.g., `../`). Consider using a temporary file system for output files or requiring a pre-approved output directory. | LLM | SKILL.md:36 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ricardotrevisan/voice-agent/scripts/client.py:6 |
Full report: https://skillshield.io/report/f48d88ef6c7fcd37