Piper TTS

Security checks across malware telemetry and agentic risk

Overview

This local text-to-speech skill mostly matches its purpose, but its setup script can modify the host and has unsafe voice-name path handling that deserves review before installation.

Review the setup script before installing. Only run it if you are comfortable with pip installs, possible system package installation, Hugging Face model downloads, and persistent local voice files. Use only known voice names until the path handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill instructs the agent to execute shell scripts, but the manifest does not declare any corresponding permissions. This creates a trust and policy gap: users and the platform may not realize the skill can install software and run local commands, increasing the chance of unexpected code execution in the host environment.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The skill claims operation is fully local and emphasizes 'zero cloud calls,' yet its setup behavior installs packages and downloads voice models from external sources. That mismatch can mislead operators into approving the skill under false assumptions, exposing the environment to network egress, supply-chain risk, and unreviewed third-party content.

VirusTotal

63/63 vendors flagged this skill as clean.