ClawHub

Speak Turbo - Talk to your Claude 90ms latency!

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local text-to-speech skill that plays or saves audio and runs a disclosed localhost daemon.

Install only if you are comfortable with a local TTS daemon, audible playback by default, and local WAV file creation. Avoid speaking highly sensitive text in shared spaces, and do not add broad directories such as your whole home folder to the permanent output allowlist unless you intend that access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes capabilities to read and write files, invoke shell commands, and access a local HTTP service, but it declares no permissions. This creates a trust and review gap: users or platforms may approve the skill without understanding that it can persist configuration, write audio files, manage processes, and communicate over the network.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The quick-start instructs immediate playback through speakers without a clear warning that audio will play automatically. Unexpected audio can disclose sensitive content to nearby people, disrupt shared environments, or create unsafe situations if used in the wrong context.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI sends user-provided text to a local daemon over plain HTTP with no explicit warning, consent prompt, or authentication boundary explanation. Although the endpoint is bound to 127.0.0.1, sensitive text can still be exposed to any local process able to observe, intercept, or abuse the local service, which is especially relevant for a TTS skill likely to handle private agent/user content.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
User-provided text is transmitted over HTTP to a local daemon process without any explicit notice, consent boundary, or authentication. In an agent setting, users may reasonably assume text is handled in-process; sending potentially sensitive prompts to another service increases exposure to interception by local malware, unintended logging, or abuse by a rogue process bound to the expected port.

Session Persistence

Medium
Category
Rogue Agent
Content
- Your current working directory
- `~/.speakturbo/`

If you need to write elsewhere, use `--allow-dir`:

```bash
speakturbo "Hello" -o /custom/path/audio.wav --allow-dir /custom/path
Confidence
78% confidence
Finding
write elsewhere, use `--allow-dir`: ```bash speakturbo "Hello" -o /custom/path/audio.wav --allow-dir /custom/path ``` To permanently allow a directory, add it to `~/.speakturbo/config`: ```bash mkd

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal