Dynamic code execution detected.
Critical
- Code
- suspicious.dynamic_code_execution
- Location
- scripts/vv.sh:105
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent local text-to-speech skill, but its script has real argument-handling flaws that can turn voice selection into local code execution.
Install only if you are comfortable reviewing and constraining the script first. Use a pinned, isolated VibeVoice environment, do not pass untrusted voice names or environment values, restrict voices to a known allowlist, and avoid loading arbitrary .pt voice files.
64/64 vendors flagged this skill as clean.
Detected: suspicious.dynamic_code_execution