Xiaomi MiMo-V2-TTS

Security checks across malware telemetry and agentic risk

Overview

This TTS skill appears to do what it claims, but it can automatically install a Python package at runtime and sends synthesis text to Xiaomi's cloud API.

Review before installing. Use this only in an environment where automatic pip installation is acceptable, or preinstall and pin `requests` yourself. Use a dedicated MiMo API key, avoid passing secrets in command-line arguments where shell history may capture them, and do not synthesize confidential or regulated text unless Xiaomi's data handling is acceptable for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
    import requests
except ImportError:
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "requests", "-q"])
    import requests
Confidence
95% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "requests", "-q"])

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Automatically installing requests during execution is risky because it performs package management as a side effect of running the script. That behavior is unrelated to core synthesis logic and can alter the environment, pull code from external sources, and violate least-privilege expectations for a simple client utility.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill clearly instructs users to send arbitrary input text to Xiaomi's external TTS API but does not disclose that the provided text leaves the local environment and is transmitted to a third-party service. This creates a privacy and data-handling risk because users may unknowingly submit sensitive or regulated content to an external provider.

VirusTotal

66/66 vendors flagged this skill as clean.
