ClawHub

Chanjing Tts

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chanjing text-to-speech API skill that uses local Chanjing credentials and network calls for its stated purpose, with risks users should understand but no artifact-backed malicious behavior.

Install only if you trust Chanjing and the related chanjing-credentials-guard helper. Keep credentials.json private, do not commit or paste keys, avoid sending sensitive text unless Chanjing's handling is acceptable, and leave CHANJING_API_BASE unset unless you intentionally use a trusted endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Tainted flow: 'CONFIG_FILE' from os.environ.get (line 12, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
def write_config(data):
    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
    with open(CONFIG_FILE, "w", encoding="utf-8") as f:
        json.dump(data, f, indent=2, ensure_ascii=False)
Confidence
84% confidence
Finding
with open(CONFIG_FILE, "w", encoding="utf-8") as f:

Tainted flow: 'req' from os.environ.get (line 82, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except Exception as e:
        return None, str(e)
Confidence
97% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes capabilities including reading and writing credentials, making network requests, invoking helper scripts, and opening a browser, yet the frontmatter declares no permissions. This creates a permission-transparency gap that can mislead reviewers and users about what the skill is allowed to do, especially because it handles secrets and external downloads.

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The code persists `app_id`, `secret_key`, and refreshed access tokens to a local JSON file without any visible warning, consent, or protection in this module. Storing secrets locally is sometimes necessary, but undisclosed plaintext persistence increases the risk of credential exposure on multi-user or poorly secured systems.

Credential Access

High
Category
Privilege Escalation
Content
## How to Use This Skill

**前置条件(权限验证)**:执行本 Skill 前,必须先通过 **chanjing-credentials-guard** 完成 AK/SK 与 Token 校验。本 Skill 与 guard 使用同一套凭证(`~/.chanjing/credentials.json`);脚本在无凭证时会**执行 `open_login_page.py` 脚本**,在默认浏览器打开 AK/SK 注册/登录页,并提示配置命令。

### Reviewer Q&A (four items)
Confidence
90% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
**Required vs optional**: **`CHANJING_API_BASE`** **optional** (default `https://open-api.chanjing.cc`). **`CHANJING_CONFIG_DIR`** optional. **No** `ffmpeg`/`ffprobe` in skill `metadata`.

**Purpose alignment**: **TTS** client—list voices, create task, poll, **download audio from URLs in API responses**. **Trust** the API host and returned URLs.

See **How to Use** → **Reviewer Q&A (four items)** → **Security & credentials (registry summary)**.
Confidence
93% confidence
Finding
create task, poll, **download audio from URLs in API responses**. **Trust** the API host and returned URLs. See **How to Use** → **Reviewer Q&A (four items)** → **Security & credentials (registry sum

Session Persistence

Medium
Category
Rogue Agent
Content
1. Obtain an `access_token`, which is required for all subsequent API calls
2. List all voice IDs and select one to use
3. Call the Create Speech API, record `task_id`
4. Poll the Query Speech Status API until success, then download generated audio file using the url in response

### Obtain AccessToken
Confidence
94% confidence
Finding
Create Speech API, record `task_id` 4. Poll the Query Speech Status API until success, then download generated audio file using the url in response ### Obtain AccessToken 从 `~/.chanjing

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal