Back to skill
Skillv1.0.2
VirusTotal security
Edge TTS English · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:09 AM
- Hash
- 8c9b74746bd91c5698fd18f76af2759ff19411e4702d411fea55893127ff11db
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: edge-tts-english Version: 1.0.2 The `scripts/speak.sh` file is vulnerable to shell injection. The `$TEXT`, `$VOICE`, and `$OUTPUT` arguments are directly interpolated into the `edge-tts` command without explicit sanitization. If the OpenClaw agent passes unsanitized user input to this script, an attacker could inject arbitrary shell commands (e.g., `'; rm -rf / #'`) leading to remote code execution. This is a critical vulnerability, but not evidence of intentional malicious design within the skill itself.
- External report
- View on VirusTotal