Oathe Security Badge

Is altic-dev/FluidVoice safe?

https://github.com/altic-dev/FluidVoice

96
SAFE

FluidVoice is a legitimate, well-maintained open-source macOS voice dictation application (GPLv3, 16k+ stars) with no SKILL.md and no LLM agent instrumentation whatsoever. All monitored activity during the clone was benign: the only external network connection was to GitHub, no canary files were modified or exfiltrated (pre-clone reads are attributable to the audit framework's sudo initialization), and no executable code runs automatically on clone. This repository poses no prompt injection, data exfiltration, or malicious code execution risk.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 94/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 97/100 · 5%

Findings (4)

LOW Canary files read before clone — audit system artifact -5

Six honeypot files were opened at 15:40:26, six seconds before the git clone began at 15:40:32. This read pattern is consistent with the oathe audit framework's own sudo/PAM initialization rather than any action by the skill. No canary file was modified or had content transmitted externally. The integrity monitor confirmed all files intact.

INFO No SKILL.md — repository is not an agent skill 0

The repository contains no SKILL.md. This submission is a native macOS Swift application, not an LLM agent skill. There are no agent instructions of any kind.

INFO Optional pre-commit hook for team ID validation 0

scripts/check-team-id.sh is an optional pre-commit hook to prevent accidental Xcode team ID commits. It must be manually installed and is a contributor hygiene tool, not a security risk.

INFO Opt-in analytics with documented scope 0

The app includes an opt-in anonymous analytics service that collects app version, low-cardinality feature flags, and high-level error outcomes. The README and AnalyticsPrivacyView.swift explicitly document what is not collected (audio, transcriptions, paths, clipboard, API keys). Analytics are enabled by default but can be disabled in settings.