Aliyun Qwen Tts Realtime

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud Qwen text-to-speech helper with normal API-key and generated-audio handling, plus some hardening gaps users should understand.

Install only if you are comfortable sending synthesis text and settings to Alibaba DashScope. Use a dedicated or minimally scoped API key, avoid putting secrets in shared .env files or copied evidence, keep the default Alibaba endpoint unless you intentionally trust another endpoint, and choose output paths deliberately. Treat fallback downloads as untrusted provider output because the script does not limit download size or validate the returned audio URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tainted flow: 'audio_url' from os.getenv (line 186, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:

    def _download_audio(audio_url: str, output_path: Path) -> None:
        output_path.parent.mkdir(parents=True, exist_ok=True)
        with urllib.request.urlopen(audio_url) as response:
            output_path.write_bytes(response.read())

Confidence: 89%
Finding: with urllib.request.urlopen(audio_url) as response:

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The skill tells users to set `DASHSCOPE_API_KEY` or place credentials in a local credentials file but provides no warning about secret handling, storage risks, or avoiding inclusion in logs and artifacts. In a skill that also writes output and evidence files, omission of secret-handling guidance increases the chance of accidental credential exposure through shell history, shared files, or captured command output.

VirusTotal

60/60 vendors flagged this skill as clean.
