Back to skill
Skillv0.1.0
VirusTotal security
Tts Router · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:43 AM
- Hash
- cb07fb5756a0ac30194d4de7976e4f7da4f2e9e692850d532df5fc20d379990f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tts-router Version: 0.1.0 The skill provides local TTS capabilities but introduces several high-risk behaviors that expand the agent's attack surface. Specifically, the 'from-url' endpoint described in 'references/voice-cloning.md' allows the server to fetch content from arbitrary URLs (using yt-dlp), which could be leveraged for SSRF via prompt injection. Additionally, 'references/openclaw.md' instructs the agent to modify the sensitive '~/.openclaw/openclaw.json' configuration file, and 'SKILL.md' requires broad network access for downloading models from HuggingFace and installing packages via 'uvx'.
- External report
- View on VirusTotal