Windows TTS (WSL2)
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent speaks text from an untrusted source or a maliciously crafted message, that text could cause commands to run on the Windows host under the current user.
The script builds a PowerShell command by interpolating user-supplied text and options into a string that is executed with -Command. Escaping only double quotes does not prevent PowerShell expansion such as $(), and RATE/VOLUME are inserted without validation.
if [[ -n "$RATE" ]]; then PS+=" \$s.Rate=[int]$RATE;"; fi ... TEXT_ESC=$(printf '%s' "$TEXT" | sed 's/"/`"/g'); PS+=" \$s.Speak(\"$TEXT_ESC\");"; powershell.exe -NoProfile -Command "$PS"
Do not use this on untrusted text until say.sh passes text as data rather than code, such as via a PowerShell script with param() arguments or stdin, and validates numeric options before invoking PowerShell.
Users may install it on unsupported systems, and the host PowerShell dependency may not be visible in capability metadata.
The metadata does not declare the Windows/WSL and powershell.exe dependency, even though SKILL.md and the scripts rely on PowerShell. This appears to be an under-declared runtime requirement rather than hidden behavior.
OS restriction: none; Required binaries (all must exist): none; Required binaries (at least one): none
Declare the Windows/WSL requirement and powershell.exe dependency so users and reviewers can see the expected environment.