Alicloud Ai Audio Tts Voice Clone

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud voice-cloning helper, but users should treat voice samples, voice IDs, and saved request files as sensitive.

Install only if you intend to use Alibaba Cloud voice cloning and have clear authorization from the speaker. Use a least-privilege DashScope key, avoid uploading third-party voice recordings without consent, and protect or delete generated request files, sample URLs, API responses, and voice IDs when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This skill processes enrollment audio for voice cloning through a cloud service, but it does not prominently warn about privacy, consent, biometric voice data handling, retention, or impersonation risk. In the context of voice cloning, missing safeguards and disclosures materially increase the chance of non-consensual use, sensitive data exposure, and policy or legal violations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal