aqua-voice-malleability

[Skill Scanner] Download or install from free hosting/deployment platform detected All findings: [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] This SKILL.md is a dual-use, high-risk security-research artifact. It documents and demonstrates concrete, actionable exploit techniques (IPC injection via DevTools, CDP remote evaluation, direct WebSocket impersonation) that can be used to bypass push-to-talk, start audio recording, and stream or exfiltrate audio/transcripts. While framed for authorized research, the file contains explicit, ready-to-run examples and reveals telemetry/service endpoints and a PostHog key. No obfuscation is present; the file does not itself contain executable malware, but it facilitates credential harvesting and unauthorized audio capture if used against vulnerable or improperly configured targets. Verdict: SUSPICIOUS / high security risk for misuse — suitable for research only with strict authorization and safeguards. LLM verification: This skill is documented as a reverse-engineering/adversarial analysis tool and many capabilities align with that purpose (IPC inspection, WebSocket observation, CDP). However, it also contains explicit, reproducible instructions for active exploitation: IPC injection to bypass UI controls, CDP-based code injection, and explicit token extraction/use flows that enable authenticated connections to remote servers. Those capabilities are disproportionate for a benign helper and enable credential mis