ClawHub

doubao-tts-cn

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Volcengine text-to-speech integration, with expected privacy and credential-handling cautions but no hidden or unrelated behavior found.

Install this only if you intend to use Volcengine's cloud TTS service. Do not submit confidential, regulated, or secret text unless Volcengine processing is acceptable, and treat ~/.config/doubao-tts/.env as a sensitive file; rotate or delete the token if it is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is broad enough to match ordinary requests about reading text aloud or converting text to speech, which can cause the skill to activate unexpectedly. In this skill's context, misfires matter because activation may result in local file reading and transmission of user content to a third-party synthesis service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explains setup and usage but does not clearly warn that provided text or Markdown content will be sent to Volcengine for processing. This is a privacy and data-handling issue, especially if users pass sensitive local documents assuming synthesis happens locally.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer collects a sensitive access token and persists it to a local .env file without clearly warning the user that the credential will be stored on disk. While chmod 600 limits access for the current user, local plaintext storage still increases exposure through backups, shell history-adjacent workflows, endpoint compromise, or accidental inclusion in support bundles.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal