Alicloud Ai Audio Tts Voice Design

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud Qwen TTS voice-design helper with expected API-key, SDK-install, and local-output considerations.

Install the SDK in an isolated environment, use a scoped Alibaba/DashScope API key, and avoid putting confidential text into voice prompts unless you are comfortable with it being sent to the provider and saved in local output files.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documents file read/write behavior via helper scripts, validation steps, and output artifact generation, but does not declare corresponding permissions. Undeclared capabilities weaken review and sandboxing assumptions, which can let a skill write artifacts or read local files in ways operators did not explicitly authorize.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal