Back to plugin

Security audit

Microsoft Teams Voice (CVI)

Security checks across malware telemetry and agentic risk

Overview

This Teams voice/video bridge matches its purpose, but it needs review because some sensitive video handling and caller-triggered tool access are broader than the user-facing documentation suggests.

Install only if you are comfortable granting a third-party plugin access to live Teams audio, camera, screen-share frames, provider API keys, and optional Teams posting/callback behavior. Keep sharedSecret strong, inboundPolicy restrictive, bindAddress narrow, requireRecordingStatus enabled, and realtime.toolPolicy set to none unless trusted callers need tool access; avoid the curl-to-bash installer unless you inspect it separately.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.