Back to skill

Security audit

Aliyun TTS

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Alibaba Cloud text-to-speech skill, but it handles cloud credentials and uses an unencrypted token request that users should review before installing.

Install only if you are comfortable sending the text you synthesize to Alibaba Cloud and storing Aliyun credentials for this skill. Use a restricted Aliyun key, avoid sensitive or regulated text, choose output paths carefully, and consider patching or verifying the token request uses HTTPS before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation shows use of environment variables and outbound access to Alibaba Cloud, but the skill does not declare corresponding permissions. Undeclared capabilities reduce transparency and can bypass user expectations or permission-based review, which is risky in an agent skill ecosystem even if the functionality itself is expected for a TTS service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly instructs users to place `ALIYUN_ACCESS_KEY_SECRET` in a plaintext local configuration file, which increases the chance of credential disclosure through local compromise, backups, accidental sharing, or source-control mistakes. Because this is a cloud access secret, exposure could allow unauthorized use of the Alibaba Cloud account or associated TTS resources.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user-supplied text to Alibaba Cloud's remote TTS endpoint for synthesis, which can expose sensitive or confidential content to a third-party service without an explicit user warning or consent step. This is especially relevant because TTS inputs may contain private messages, tokens, or personal data that users may not realize are leaving the local environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.