Back to skill

Security audit

Edge TTS

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: convert text to speech using Microsoft Edge's online TTS service, with ordinary local config and audio output behavior.

Install this only if you are comfortable sending text you convert to Microsoft's online TTS service. Do not use it for secrets, regulated data, private documents, or confidential prompts, and periodically clean generated audio files from the temp directory if they may contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Medium
Confidence
92% confidence
Finding
Using the bare keyword "tts" as an activation trigger is overly broad and can cause the skill to invoke when a user is merely discussing TTS rather than requesting audio generation. In an agent setting, unintended invocation can leak content to external services, generate unexpected media, or cause confusing side effects without clear user intent.

Vague Triggers

Low
Confidence
80% confidence
Finding
The phrase "detect TTS intent from triggers or user request" does not clearly define the boundary between discussing TTS and requesting execution. This ambiguity increases the chance of accidental activation, though the surrounding context suggests convenience rather than a deliberately unsafe design.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Treating any occurrence of the keyword "tts" as a TTS request can overlap with ordinary conversation, documentation, or quoted content. Because this skill sends text to an online Microsoft Edge TTS service, mistaken activation can expose user content externally and produce unintended outputs.

Vague Triggers

Low
Confidence
78% confidence
Finding
The workflow instruction to check for a "tts" trigger or keyword lacks guardrails and safe non-examples, making implementation prone to over-triggering. While not severe by itself, it reinforces the same ambiguous activation pattern throughout the skill and can lead to accidental tool execution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide documents sending arbitrary text to Microsoft Edge's online TTS service and writing generated audio/subtitle artifacts to disk, but it does not clearly warn that user-provided content leaves the local environment or that local files are created. In an agent skill context, this can lead to accidental disclosure of sensitive prompts, secrets, or personal data to a third-party service, and unexpected persistence of that data in workspace files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script explicitly states it uses Microsoft Edge's online TTS service and sends the provided text to that external service, but it does not present an explicit privacy warning or require consent before transmitting potentially sensitive user content. In a skill context, users may provide private notes, messages, or other confidential text assuming local processing, so silent exfiltration to a third-party cloud service creates a real privacy and compliance risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"test": "npx node-edge-tts -t \"Hello, world! This is a test of the Edge TTS service.\" -f test-output.mp3 && echo \"Test completed successfully!\""
  },
  "dependencies": {
    "node-edge-tts": "^1.2.9",
    "commander": "^11.0.0"
  },
  "author": "Clawdbot",
Confidence
88% confidence
Finding
"node-edge-tts": "^1.2.9"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "node-edge-tts": "^1.2.9",
    "commander": "^11.0.0"
  },
  "author": "Clawdbot",
  "license": "MIT"
Confidence
87% confidence
Finding
"commander": "^11.0.0"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.