WaveSpeedAI MiniMax Speech 2.6 TTS

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward text-to-speech guide for WaveSpeed AI, with the main caveat that submitted text is processed by an external service.

Install only if you are comfortable sending the text you synthesize to WaveSpeed AI and using your API key for billable requests. Avoid submitting secrets, credentials, regulated data, or confidential scripts unless your data-sharing policy permits it, and verify the official wavespeed client package before running the JavaScript examples.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents how to send arbitrary user-provided text to the external WaveSpeed/MiniMax service but does not clearly warn users that their input leaves the local environment and is processed by a third party. This can lead to unintended disclosure of sensitive, proprietary, or regulated data because users may assume the skill operates locally or within the agent platform.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal