KittenTTS WhatsApp

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its WhatsApp voice-note purpose, but crafted TTS input can be turned into local Python code execution.

Review before installing. Use an isolated environment and do not feed untrusted WhatsApp messages, voice names, or speed values into the TTS script until it passes data safely through arguments, environment variables, or JSON. Also replace fixed /tmp paths with private mktemp directories and avoid --break-system-packages on managed systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The script uses a predictable, fixed path under /tmp and then applies chmod 700 after mkdir -p. If that directory already exists and is attacker-controlled or was created with broader permissions, the script may operate in an unsafe location, enabling symlink or file-replacement attacks against the generated WAV/OGG files.

VirusTotal

66/66 vendors flagged this skill as clean.
