Coze Tts

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Coze text-to-speech skill that sends user-provided text to Coze and saves the returned audio locally.

Install only if you are comfortable sending the text you synthesize to Coze under your COZE_API_KEY. Avoid submitting secrets, regulated data, or proprietary text unless your use of Coze permits it, use a limited-purpose API key where possible, and choose output filenames that will not overwrite important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly invokes shell scripts (`bash scripts/text_to_speech.sh ...`) but does not declare corresponding permissions/capabilities in a way that informs users or enforcement systems. This creates a transparency and policy gap: consumers may assume the skill is passive documentation while it actually executes local shell commands and performs networked actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description and usage examples encourage sending arbitrary text to the TTS service, but they do not prominently warn that all provided text is transmitted to Coze's external API for processing. Users may unknowingly submit sensitive prompts, secrets, personal data, or proprietary content to a third party, causing privacy and compliance exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits arbitrary user-provided text to Coze's external API, but it does not clearly warn users that their input leaves the local system. This is a real privacy/security issue because users may unknowingly submit sensitive content, and the skill context is specifically designed to process free-form text, which increases the chance of accidental disclosure.

External Transmission

Medium
Category
Data Exfiltration
Content
}')

# Make API request and save response
HTTP_RESPONSE=$(curl -s -w "\n%{http_code}" -X POST "$API_ENDPOINT" \
    -H "Authorization: Bearer $COZE_API_KEY" \
    -H "Content-Type: application/json" \
    -d "$JSON_PAYLOAD" \
Confidence
97% confidence
Finding
curl -s -w "\n%{http_code}" -X POST "$API_ENDPOINT" \ -H "Authorization: Bearer $COZE_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
