Sherpa Onnx Tts Andy27725
Security checks across malware telemetry and agentic risk
Overview
This skill coherently sets up offline text-to-speech, with the main caution that it downloads third-party runtime and model archives.
Install only if you are comfortable downloading sherpa-onnx binaries and model files from the referenced GitHub project. Before adding the skill's bin directory to PATH or running the command, confirm the expected wrapper exists and consider verifying downloaded archives when upstream checksums are available.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.