SenseAudio

Security checks across malware telemetry and agentic risk

Overview

This TTS skill appears mostly purpose-aligned, but it includes an unsafe endpoint override that can send the SenseAudio API key to an arbitrary URL.

Review the script before installing. Only use the default trusted SenseAudio endpoint, do not pass --url unless you fully control the destination, and avoid sending sensitive text because TTS content is processed by a third-party service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The script will perform a second outbound request to any URL returned in JSON fields such as audio_url or url, without validating the scheme, host, or relationship to the trusted SenseAudio API. This creates an SSRF-style primitive and broadens data egress/network reach beyond the declared TTS call, which is especially risky in agent or enterprise environments where internal services may be reachable.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The --url parameter lets the caller direct authenticated POST requests to an arbitrary endpoint, and the request includes the Bearer API key in the Authorization header. This can exfiltrate the SenseAudio credential to attacker-controlled infrastructure and also enables arbitrary outbound requests from the runtime environment.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs sending user-provided text to an external TTS service but does not warn that the text leaves the local environment. Users may unknowingly transmit sensitive content, including private messages or personal data, to a third-party API.

VirusTotal

66/66 vendors flagged this skill as clean.
