U2-tts

Security checks across malware telemetry and agentic risk

Overview

This UniSound text-to-speech skill is mostly purpose-aligned, but it repeatedly publishes real-looking shared API credentials and encourages ways of using them that can leak secrets.

Review before installing. Use only your own UniSound credentials, rotate any copied sample values, avoid passing secrets on the command line, and do not send confidential text unless you are comfortable with UniSound or any configured WebSocket endpoint processing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The documentation embeds concrete AppKey and Secret values and instructs users to export them directly. Publishing reusable credentials in a public skill can enable unauthorized API use, quota exhaustion, billing abuse, and accidental trust in compromised shared secrets.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The same hardcoded credentials are repeated across multiple examples, increasing the likelihood they will be copied into shells, scripts, logs, and repos. Repetition normalizes insecure handling of secrets and expands the attack surface if those credentials are valid.

Intent-Code Divergence

High
Confidence: 96%
Finding
The document gives correct security advice not to hardcode credentials, but contradicts itself elsewhere by doing exactly that. This inconsistency misleads users into insecure practices and undermines the reliability of the security guidance.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The sample Python code silently falls back to embedded credentials when environment variables are absent, effectively reintroducing hardcoded secrets through code paths that look safe. This encourages developers to ship insecure defaults and can cause unintended use of shared credentials in real deployments.

Missing User Warnings

High
Confidence: 98%
Finding
The documentation not only exposes credentials but also recommends passing secrets on the command line, where they may be visible in shell history, process listings, CI logs, and telemetry. Combined with embedded values, this materially increases the chance of credential leakage and misuse.

VirusTotal

65/65 vendors flagged this skill as clean.
