Back to skill

Security audit

ttsCN — Chinese TTS Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Chinese text-to-speech skill, but users should know it sends text to chosen voice providers and writes audio files locally.

Install this if you want a multi-provider Chinese TTS helper and are comfortable using cloud TTS services. Avoid sending private or regulated text unless you trust the selected provider, set API keys only for providers you intend to use, and choose output paths carefully because existing audio files may be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (14)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in wav_part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
88% confidence
Finding
result = subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output=True, text=True, cwd=

subprocess module call

Medium
Category
Dangerous Code Execution
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
80% confidence
Finding
result = subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output=True, text=True, cwd=

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and documents capabilities that read files, write files, access environment variables, invoke shell commands, and make network/API calls, but it declares no permissions. This creates a transparency and policy-enforcement gap: an agent or reviewer cannot accurately assess what sensitive operations may occur before use.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation criteria are very broad and include many generic TTS-, provider-, and pricing-related phrases, increasing the chance the skill is invoked when the user did not intend audio generation or third-party API use. In an agent setting, over-broad triggers can cause premature file writes, browser launches, network requests, or credential-dependent actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill does not clearly warn that user-supplied text may be transmitted to third-party TTS providers and that generated audio and caches may be written locally. This is a meaningful privacy issue because prompts may contain personal, proprietary, or regulated content that users may not expect to leave the local environment.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This backend sends user text plus authentication material to a third-party TTS API, but the file itself provides no disclosure, consent mechanism, or minimization controls. In a skill context, that can create an inadvertent privacy and compliance issue because sensitive input may be transmitted off-host without the operator fully realizing it.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This tool sends user-provided text to third-party/cloud TTS backends, but the shown CLI flow does not present an explicit disclosure or consent checkpoint before transmission. In agent or automation contexts, users may unknowingly submit sensitive text to external providers, creating privacy, compliance, or data handling risks.

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
84% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
63% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
69% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
87% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in wav_part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
87% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
80% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
with open(concat_list, "w", encoding="utf-8") as f:
            for pf in part_files:
                f.write(f"file '{os.path.basename(pf)}'\n")
        result = subprocess.run(
            ["ffmpeg", "-y", "-f", "concat", "-safe", "0",
             "-i", concat_list, "-c", "copy", output_file],
            capture_output=True, text=True, cwd=out_dir,
Confidence
84% confidence
Finding
subprocess.run( ["ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", output_file], capture_output

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.