Oatda Generate Speech

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward text-to-speech skill that uses an OATDA API key to send requested text to OATDA and save the returned audio locally.

Install only if you are comfortable sending the text you ask to synthesize to OATDA. Avoid using it for secrets, regulated data, or confidential drafts unless that data flow is acceptable for your use case, and use a scoped OATDA API key where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The skill explicitly retrieves an API key from a local credentials file and sends user-provided text to a remote service, but it does not clearly warn that the input text will leave the local environment or that sensitive text should not be sent. In a speech-generation skill, outbound transmission is expected, but the missing privacy disclosure can still cause users to unintentionally transmit confidential content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal