The skill executes arbitrary code with root
Claims to do
Whisper Setup Skill: This skill guides users through setting up Whisper for the PTT plugin.
Actually does
The skill executes shell commands to check system resources (RAM, disk, CPU, GPU), install system dependencies via `sudo apt-get`, clone the `whisper.cpp` Git repository, compile the software using `make`, download Whisper models, and test the local installation. It also reads and modifies the `~/.claude/ptt-config.json` file and interacts with the `OPENAI_API_KEY` environment variable.
npx skills add https://github.com/aaddrick/claude-ptt
Access to sensitive environment variables detected
$OPENAI_API_KEY
The skill executes commands to install system packages with root privileges (`sudo apt-get`) and clones/compiles external source code from GitHub (`git clone`, `make`). This allows for arbitrary code execution with elevated privileges, posing a significant supply chain risk if the external repository or package sources are compromised.
sudo apt-get update && sudo apt-get install -y build-essential cmake
git clone https://github.com/ggerganov/whisper.cpp.git
make -j$(nproc)
The skill prompts the user for their OpenAI API key and instructs on storing it in an environment variable or a local configuration file. While necessary for the skill's function, this involves handling sensitive credentials, which could be exploited if the agent's environment or configuration file access is compromised.
If not set, ask user to provide their API key
Set `whisper.openaiApiKey` to the user's key
The skill includes a command to record audio using `arecord` to a temporary file. While intended for testing the transcription setup, this capability could be repurposed for unauthorized audio surveillance or data collection if the agent's instructions were manipulated.
arecord -f S16_LE -r 16000 -c 1 -d 3 /tmp/test.wav
The skill executes commands to gather system information such as RAM, disk space, CPU details, and GPU presence. These commands are used for legitimate resource assessment but represent reconnaissance capabilities that could be abused.
free -h
df -h ~
lscpu | grep -E "(Model name|CPU(s)|Thread)"
nvidia-smi
The skill's description states it 'guides users through setting up Whisper', implying a conversational or instructional role. However, the actual content includes direct execution of system-modifying commands, including `sudo apt-get` for package installation, `git clone` for repository download, and `make` for software compilation, which goes beyond mere guidance.
Commands like `sudo apt-get update`, `git clone https://github.com/ggerganov/whisper.cpp.git`, and `make -j$(nproc)` are executed directly within the skill content.
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/github/aaddrick/claude-ptt/whisper-setup