ClawHub

Google Chirp 3 HD TTS Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it turns text into MP3 speech using Google Cloud, with some normal cloud-service and dependency-install risks users should understand.

Install only if you are comfortable with selected text being sent to Google Cloud for speech generation, with a local npm dependency install on first use, and with generated MP3 files being written to the configured workspace or requested output path. Use a least-privilege Google Cloud ADC account and prefer explicit TTS commands if accidental activation would be a problem.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares environment-variable usage (`OPENCLAW_WORKSPACE`) but does not appear to declare explicit permissions in a way that would let a host framework enforce or review that capability. Undeclared capability use weakens security transparency and can lead to unsafe assumptions about what the skill may access or where it may write output, especially since the value falls back to the current working directory.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases include broad terms such as "voice" and "read this out loud," which are common in normal conversation and can cause the skill to activate unintentionally. In this skill, accidental activation is more concerning because execution may perform networked actions, auto-install an npm package on first run, and send user text to an external Google API.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends user-supplied text to Google Cloud's remote TTS service, which creates a privacy and data-handling risk if users assume processing is local. In an agent skill context, prompts may contain sensitive or proprietary content, so lack of an explicit warning or consent mechanism can lead to unintended disclosure to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal