Kokoro TTS

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward text-to-speech skill that sends the requested text to a configured Kokoro server and saves the returned audio locally.

Install this if you trust the Kokoro endpoint you will use. Prefer the localhost default, avoid sending secrets or sensitive private text to an untrusted remote server, and expect generated audio files to accumulate in the local media directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation indicates use of environment configuration and network access via KOKORO_API_URL, including support for a remote server, but no explicit permissions are declared. That creates a transparency and policy gap: users or orchestrators may not realize the skill can transmit user-provided text off-box, increasing the risk of unintended data exposure.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger description includes broad phrases like requests to 'say' something or convert text to speech, which can overlap with ordinary conversational requests. In an agent setting, that can cause the skill to activate unexpectedly and transmit content for synthesis when the user did not clearly intend to invoke this specific tool.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states the skill may use a local or remote Kokoro-TTS instance but does not warn users that input text may be sent to a remote server. If sensitive or private text is synthesized, this omission can lead to unintended disclosure to third-party infrastructure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends arbitrary command-line text to an HTTP endpoint, which can expose sensitive user content in transit if the service is not strictly local or if localhost traffic is observable in the runtime environment. There is no disclosure, consent, or validation around this transfer, and the endpoint is configurable via KOKORO_API_URL, which increases the chance that data may be sent to a non-local or less trusted service.

VirusTotal

66/66 vendors flagged this skill as clean.
