Security audit

iFlytek Ultra-Realistic TTS

Security checks across malware telemetry and agentic risk

Overview

This text-to-speech skill does what it claims, but it sends credentials and user text over a TLS connection that deliberately disables certificate checks.

Install only if you are comfortable sending selected text to iFlytek and storing iFlytek API credentials in the environment. Avoid sensitive, regulated, or secret text with this version, especially on untrusted networks, until TLS verification is fixed. Static scan showed no findings and VirusTotal was still pending, so the Review verdict is based on artifact-backed TLS and disclosure concerns, not malware telemetry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill documentation indicates it reads credentials from environment variables, reads user-supplied files, and connects to a remote WebSocket API, but there is no declared permissions model covering those capabilities. This creates a real security governance issue because users and hosting platforms may not have clear visibility or enforcement over sensitive actions such as outbound network access and handling API secrets.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding: The WebSocket client disables both certificate verification and hostname checking (`ctx.verify_mode = ssl.CERT_NONE`, `ctx.check_hostname = False`) while using `wss://`, which defeats TLS authentication and permits man-in-the-middle interception or tampering. In this skill, that can expose API credentials in the signed connection setup and all synthesized text sent to the remote service, making the risk materially higher than a mere documentation mismatch.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.