ClawHub

edge-tts-auto

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform text-to-speech as advertised, but running it can make privileged system changes and write to arbitrary user-supplied paths without enough control.

Review the script before installing. Use it only if you are comfortable with first run changing the Linux environment via sudo apt and pipx, and avoid converting sensitive text because edge-tts may use an online service. Choose a fresh, noncritical MP3 output path to avoid accidental overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script automatically performs system package installation with sudo during normal execution, which expands its capabilities beyond text-to-speech and modifies the host without explicit approval. In a skill context, unexpected privileged package management is dangerous because it changes system state, may trigger password prompts, and increases the blast radius if the script or its dependencies are compromised.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script performs privileged package installation and modifies the user environment via pipx ensurepath and sourcing ~/.bashrc without an explicit warning or confirmation. This is risky because a user invoking a TTS skill would not reasonably expect system changes, and environment-file sourcing can have side effects based on user-controlled shell configuration.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The output file path is taken directly from user input and written without validation, allowing overwriting of arbitrary files the current user can access. In an agent skill, this can be abused to clobber important user files, place data in sensitive locations, or interfere with application state if an attacker controls the JSON input.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly states that the skill will update system package lists and install packages automatically on first run, but it does not clearly warn the user that executing the skill causes persistent system changes. This is dangerous because a user invoking a text-to-speech skill may not expect package-manager activity, network downloads, or environment modifications, which increases the risk of unintended privilege use, supply-chain exposure, and host configuration drift.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The usage examples instruct saving output directly to the user's desktop but do not warn that the command will create or potentially overwrite a file at the specified path. While file output is expected for a TTS skill, omitting overwrite and file-creation warnings can still lead to accidental data loss or unexpected writes in user-visible locations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal