Jarvis Vocal
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed local text-to-speech setup for generating J.A.R.V.I.S.-style audio and optionally sending it to a paired Android device.
Before installing, verify the upstream Piper TTS, HuggingFace CLI, ffmpeg, and voice model sources yourself. Only use ADB with Android devices you trust, because pairing allows file pushes and playback actions. Also review any local wrapper scripts named jarvis-speak or jarvis-tts if you add them, since this package description references commands that are not included in the scanned artifact.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.