Windows TTS (WSL2)

Status: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: windows-tts-wsl2
Version: 1.1.1

The skill bundle is classified as suspicious due to a critical shell injection vulnerability in `scripts/say.sh`. The script constructs a PowerShell command using user-provided input for `--voice`, `--rate`, `--volume`, and the main text, but the input sanitization (using ``sed 's/"/`"/g'``) is insufficient. This allows an attacker to inject arbitrary PowerShell commands by including characters like semicolons (`;`) in the input, potentially leading to remote code execution on the Windows host via WSL2.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

If the agent speaks text from an untrusted source or a maliciously crafted message, that text could cause commands to run on the Windows host under the current user.

Why it was flagged

The script builds a PowerShell command by interpolating user-supplied text and options into a string that is executed with `-Command`. Escaping only double quotes does not prevent PowerShell expansion such as `$()`, and `RATE`/`VOLUME` are inserted without validation.

Skill content
```bash
if [[ -n "$RATE" ]]; then PS+=" \$s.Rate=[int]$RATE;"; fi
...
TEXT_ESC=$(printf '%s' "$TEXT" | sed 's/"/`"/g')
PS+=" \$s.Speak(\"$TEXT_ESC\");"
powershell.exe -NoProfile -Command "$PS"
```
Recommendation

Do not use this on untrusted text until `say.sh` passes text as data rather than code, such as via a PowerShell script with `param()` arguments or stdin, and validates numeric options before invoking PowerShell.

What this means

Users may install it on unsupported systems, and the host PowerShell dependency may not be visible in capability metadata.

Why it was flagged

The metadata does not declare the Windows/WSL and powershell.exe dependency, even though SKILL.md and the scripts rely on PowerShell. This appears to be an under-declared runtime requirement rather than hidden behavior.

Skill content
OS restriction: none; Required binaries (all must exist): none; Required binaries (at least one): none
Recommendation

Declare the Windows/WSL requirement and powershell.exe dependency so users and reviewers can see the expected environment.