ClawHub

Xiaomi MiMo TTS

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Xiaomi text-to-speech skill, with expected API use and local audio-file generation, but users should be careful with text privacy and output paths.

Install only if you trust the publisher and are comfortable sending the text you synthesize to Xiaomi's MiMo API. Set the API key in a trusted shell, use safe output paths that will not overwrite important files, and clean up generated audio files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The shell execution path invokes `bash "$SCRIPT_DIR/mimo_tts_smart.sh"`, which is the same script file, so selecting the shell implementation causes unbounded recursion rather than delegating to a distinct implementation. An attacker or normal user can trigger denial of service by running this on a system without NodeJS/Python support, leading to repeated process spawning, resource exhaustion, and failed execution.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The script advertises a working shell-based smart implementation in comments and user help, but the actual shell path self-recurses instead of functioning as described. This mismatch is dangerous because it misleads users and operators into trusting a fallback mode that can fail catastrophically, increasing the chance of avoidable denial of service in environments lacking NodeJS or Python.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script writes to a user-specified output path and passes -y to ffmpeg, which forces overwrite without confirmation. In agent or automation contexts, this can destroy or replace arbitrary user-accessible files if the path is influenced by untrusted input or mistaken parameters.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-provided text to a third-party remote API whenever an API key is configured, but provides no explicit disclosure or consent mechanism in the code path. In a TTS skill this network transmission is expected, yet it still creates privacy and data-handling risk because sensitive prompts may be exfiltrated to an external service without clear warning.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal