Skill v1.0.0

ClawScan security

Fish Tts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 19, 2026, 1:38 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (local TTS + optional NextCloud upload) matches the code, but there are multiple incoherences and risky choices — most notably hard-coded NextCloud credentials in both SKILL.md and SKILL.py, undeclared required environment variables, and several buggy/inconsistent endpoints — so proceed with caution.
Guidance
Do not install or run this skill as-is if you care about credential hygiene or trust: it embeds a plaintext NextCloud password in the documentation and code and fails to declare the environment variables it requires. If you want to use it, ask the author to:
(1) remove all hard-coded secrets from SKILL.md and SKILL.py and rely solely on environment variables;
(2) update the registry metadata to declare the required env vars (NEXTCLOUD_USER, NEXTCLOUD_PASS, NEXTCLOUD_URL, FISH_AUDIO_S1_URL, etc.);
(3) fix the obvious bugs (OPENVOICE_V2_URL has a '.' where the ':' belongs; the health-check logic is inverted for some services);
(4) replace the hard-coded private IPs with configurable defaults or clearly documented required local endpoints;
(5) provide a homepage/source and provenance (who maintains it).
If the embedded NextCloud password is in use anywhere else, rotate it immediately. Test the skill in an isolated environment before allowing it access to any sensitive services.

Review Dimensions

Purpose & Capability
concern: The skill claims to generate TTS via Fish Audio S1 and optionally upload to NextCloud, and the included Python implements both. However, the registry metadata declares no required environment variables or credentials, while both SKILL.md and SKILL.py expect NEXTCLOUD_* and FISH_AUDIO_* environment variables (misalignment). The inclusion of explicit local IPs and a hard-coded NextCloud credential in the docs/code is disproportionate and not justified by the manifest.
Instruction Scope
concern: SKILL.md instructs network interactions (POST to the TTS service and PUT to NextCloud WebDAV). That scope is reasonable for a TTS + upload skill, but the documentation contains a plaintext NextCloud password and concrete private IPs, and it tells the user to set env vars that the registry did not declare. The runtime instructions and examples also rely on specific local network addresses rather than configurable defaults, which is brittle and unexpected.
Install Mechanism
note: No install spec (instruction-only), so install risk is low. However, the package is not purely prose: a runnable SKILL.py is included, so code will run if invoked. There is no external download or install step beyond running the bundled Python, which reduces installer-level risk but means the shipped code matters.
Credentials
concern: The manifest lists no required secrets, yet SKILL.py reads NEXTCLOUD_USER, NEXTCLOUD_PASS, NEXTCLOUD_URL and FISH_AUDIO_S1_URL and provides defaults for them. Critically, a sensitive-looking NextCloud password (N95qg-Wzdpc-6DJAn-xMaHa-RaEW5) appears both in SKILL.md and as the default in SKILL.py; this is a clear credential leakage / bad-practice risk. Other defaults contain local IPs, so the skill will attempt network activity even without explicit user configuration.
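The Guidance and Credentials findings above amount to two concrete checks a reviewer can run: a settings loader that takes every required variable from the environment and refuses to fall back to a baked-in secret, and a static pass over a skill's Python source that flags secret-looking variables with literal defaults, `*_URL` defaults that are not valid URLs (the '.'-for-':' class of typo the report describes), and variables the code reads that the manifest does not declare. The block below is an added example written for this page, not code from the ClawScan report or from the Fish Tts skill; the variable names are taken from the report, while the sample SKILL.py text, manifest, hostnames, addresses and password are constructed placeholders.

```python
"""Added example (not code from the ClawScan report or the Fish Tts skill).

1. load_settings(): fail closed when a required variable is absent instead of
   substituting a default secret.
2. review_skill(): static checks over a skill's source for secret defaults,
   malformed endpoint defaults and undeclared environment variables.
The sample source and manifest at the bottom are constructed for this example.
"""
import os
import re
from urllib.parse import urlparse

# Required variables, taken from the report's list (an assumption about
# which ones the skill genuinely needs).
REQUIRED_ENV = ("NEXTCLOUD_USER", "NEXTCLOUD_PASS", "NEXTCLOUD_URL", "FISH_AUDIO_S1_URL")

# Variable names that must never ship with a literal default.
SECRET_HINT = re.compile(r"(PASS|PASSWORD|PASSWD|SECRET|TOKEN|KEY)$")

# os.environ.get("NAME") / os.getenv("NAME"), with or without a default.
ENV_REF = re.compile(r"""os\.(?:environ\.get|getenv)\(\s*["']([A-Z0-9_]+)["']""")
ENV_DEFAULT = re.compile(
    r"""os\.(?:environ\.get|getenv)\(\s*["']([A-Z0-9_]+)["']\s*,\s*["']([^"']*)["']\s*\)"""
)


class ConfigError(RuntimeError):
    """Raised when a required setting is absent; the skill must not run."""


def missing_required(env):
    """Names from REQUIRED_ENV that are unset or empty in `env`."""
    return [name for name in REQUIRED_ENV if not env.get(name)]


def load_settings(env=None):
    """Hardened loader: every value comes from the environment, no fallbacks."""
    env = os.environ if env is None else env
    missing = missing_required(env)
    if missing:
        raise ConfigError("required environment variables not set: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_ENV}


def referenced_env_vars(source):
    """Every environment variable name the source reads, sorted."""
    return sorted(set(ENV_REF.findall(source)))


def undeclared_env_vars(source, declared):
    """Variables the code reads that the registry manifest does not declare."""
    declared = set(declared)
    return [name for name in referenced_env_vars(source) if name not in declared]


def secret_defaults(source):
    """(name, literal) pairs where a secret-looking variable has a non-empty default."""
    return [(name, value) for name, value in ENV_DEFAULT.findall(source)
            if SECRET_HINT.search(name) and value]


def malformed_endpoint_defaults(source):
    """*_URL defaults that are not http(s) URLs with a host, e.g. 'http.//host'."""
    bad = []
    for name, value in ENV_DEFAULT.findall(source):
        if name.endswith("_URL"):
            parts = urlparse(value)
            if parts.scheme not in ("http", "https") or not parts.netloc:
                bad.append((name, value))
    return bad


def review_skill(source, declared_env):
    """Aggregate the three static findings into one report dict."""
    return {
        "undeclared_env": undeclared_env_vars(source, declared_env),
        "secret_defaults": secret_defaults(source),
        "malformed_urls": malformed_endpoint_defaults(source),
    }


# Constructed stand-in for a SKILL.py of the kind the report describes: the
# manifest declares nothing, a password has a default, and one URL is mistyped.
SAMPLE_MANIFEST_ENV = []
SAMPLE_SKILL_PY = '''
import os
NEXTCLOUD_USER = os.environ.get("NEXTCLOUD_USER", "tts-bot")
NEXTCLOUD_PASS = os.environ.get("NEXTCLOUD_PASS", "placeholder-password")
NEXTCLOUD_URL = os.getenv("NEXTCLOUD_URL", "https://cloud.example.internal")
FISH_AUDIO_S1_URL = os.environ.get("FISH_AUDIO_S1_URL", "http://192.0.2.10:8080")
OPENVOICE_V2_URL = os.environ.get("OPENVOICE_V2_URL", "http.//192.0.2.11:8081")
'''

if __name__ == "__main__":
    for key, findings in review_skill(SAMPLE_SKILL_PY, SAMPLE_MANIFEST_ENV).items():
        print(f"{key}: {findings}")
    try:
        load_settings({"NEXTCLOUD_USER": "tts-bot"})
    except ConfigError as err:
        print("refused to start:", err)
```

Run against the constructed sample, the review reports all five variables as undeclared, NEXTCLOUD_PASS as a secret with a default, and OPENVOICE_V2_URL as malformed; the loader refuses to start with only NEXTCLOUD_USER set. The regexes only catch the `os.environ.get` / `os.getenv` idiom, so a skill that reads `os.environ["NAME"]` or builds names dynamically still needs a manual read.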
Persistence & Privilege
ok: The skill does not request elevated persistence (always:false). It does not modify other skills or system configs. Autonomous invocation is allowed by platform default but is not combined with any additional dangerous privileges in the manifest.