๐Ÿ—ฃ๏ธ Text-to-speech using GLM-TTS for generating audio

Security checks across malware telemetry and agentic risk

Overview

This is a real text-to-speech skill, but it asks users to copy a browser auth token into an external command-line tool.

Install only if you are comfortable giving an external `uvx zai-tts` package an `audio.z.ai` browser auth token. Prefer an official API key or scoped token if available, avoid sending private text or files, use a dedicated account if possible, and remove or rotate the token after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The skill advertises activation on the generic keyword "tts," which is broad enough to match many benign user requests and can cause the agent to invoke an external command unexpectedly. Because this skill sends user-provided text to a third-party TTS service and uses stored credentials, overbroad triggering increases the chance of unnecessary data disclosure or unintended external execution.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The skill instructs users to retrieve authentication material directly from browser localStorage via developer tools and place it into environment variables, normalizing unsafe handling of sensitive session data. This increases the risk of token theft, accidental exposure through shell history or logs, and use of browser session tokens outside their intended trust boundary.

VirusTotal

65/65 vendors flagged this skill as clean.
