text-to-speech-api

Security checks across malware telemetry and agentic risk

Overview

This TTS skill is instruction-only, but it steers users toward a broad SkillBoss API setup and key that can enable many non-TTS paid services.

Review before installing. Use this only if you are comfortable giving SkillBoss a credential that may access many paid API categories, not just text-to-speech. Inspect the remote setup file before running it, prefer scoped keys or spending limits if available, and require explicit user approval before non-TTS calls or sending sensitive text externally.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is branded as a narrowly scoped text-to-speech integration, but it explicitly expands access to hundreds of unrelated APIs and capabilities. This scope mismatch can mislead users and agents into granting a broad API key and invoking capabilities far beyond TTS, increasing the chance of unintended data exposure or misuse.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The agent instructions recommend unrelated chat/reasoning models and use cases inside a TTS skill. That creates dangerous ambiguity about what the agent is authorized to do and may cause an agent to route sensitive user data to non-TTS models or external services not expected by the user.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The discovery section markets broad access to chat, image, video, scraping, and social-data products that are unrelated to a dedicated TTS skill. While partly promotional, it still normalizes capability expansion and can encourage overbroad installation and trust in a credential with much wider reach than the skill name suggests.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation guidance says to use the skill whenever the user needs a text-to-speech API, without defining tighter limits on data types, approved operations, or when external transmission is appropriate. In an agent setting, vague routing language can lead to overuse of the skill and unnecessary transfer of user content to a third-party API.

Missing User Warnings

Medium
Confidence: 93%
Finding
The setup flow encourages automatic installation and use of a key that unlocks hundreds of external APIs, but does not warn the user about the breadth of access, external data transmission, or credential sensitivity. This creates a meaningful risk of users granting expansive third-party access without informed consent or understanding of downstream exposure.

VirusTotal

65/65 vendors flagged this skill as clean.
