ClawHub

Windows TTS (WSL2)

SuspiciousAudited by ClawScan on May 10, 2026.

Overview

The skill is a coherent Windows TTS helper, but unsafe PowerShell command construction could let text meant to be spoken run commands on the Windows host.

This skill appears intended to provide local Windows speech from WSL, but review or fix the quoting before installing. Avoid using it to read untrusted web pages, documents, or messages aloud until the PowerShell invocation is safely parameterized.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ConcernHigh Confidence
ASI05: Unexpected Code Execution
What this means

If the agent speaks text from an untrusted source or a maliciously crafted message, that text could cause commands to run on the Windows host under the current user.

Why it was flagged

The script builds a PowerShell command by interpolating user-supplied text and options into a string that is executed with -Command. Escaping only double quotes does not prevent PowerShell expansion such as $(), and RATE/VOLUME are inserted without validation.

Skill content
if [[ -n "$RATE" ]]; then PS+=" \$s.Rate=[int]$RATE;"; fi ... TEXT_ESC=$(printf '%s' "$TEXT" | sed 's/"/`"/g'); PS+=" \$s.Speak(\"$TEXT_ESC\");"; powershell.exe -NoProfile -Command "$PS"
Recommendation

Do not use this on untrusted text until say.sh passes text as data rather than code, such as via a PowerShell script with param() arguments or stdin, and validates numeric options before invoking PowerShell.

NoteHigh Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means

Users may install it on unsupported systems, and the host PowerShell dependency may not be visible in capability metadata.

Why it was flagged

The metadata does not declare the Windows/WSL and powershell.exe dependency, even though SKILL.md and the scripts rely on PowerShell. This appears to be an under-declared runtime requirement rather than hidden behavior.

Skill content
OS restriction: none; Required binaries (all must exist): none; Required binaries (at least one): none
Recommendation

Declare the Windows/WSL requirement and powershell.exe dependency so users and reviewers can see the expected environment.