mimotts25-plus (TTS Enhanced Edition)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MiMo text-to-speech integration that needs an API key and can upload chosen voice samples for cloning, with privacy and endpoint-trust cautions but no hidden or destructive behavior found.

Install only if you trust the publisher and the MiMo endpoint you configure. Keep MIMO_API_KEY secret, do not use custom base URLs unless you control or trust them, avoid submitting confidential text, and use voice cloning only with recordings you own or have explicit permission to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tainted flow: 'req' from os.getenv (line 52, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            body = json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        err_body = exc.read().decode(errors="replace")
Confidence
88% confidence
Finding
with urllib.request.urlopen(req, timeout=60) as resp:

Tainted flow: 'req' from os.getenv (line 54, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
)
    for attempt in range(max_retries):
        try:
            with urllib.request.urlopen(req, timeout=60) as resp:
                body = json.loads(resp.read())
            break
        except urllib.error.HTTPError as exc:
Confidence
92% confidence
Finding
with urllib.request.urlopen(req, timeout=60) as resp:

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill promotes voice cloning from an audio sample without any warning about consent, impersonation, biometric privacy, or rights to use the source voice. In context, this is more dangerous because voice cloning materially enables fraud, social engineering, and unauthorized biometric processing if users submit someone else's recording.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The voice-cloning section instructs users to upload third-party audio samples to an external API but does not warn about consent, privacy, biometric sensitivity, or legal restrictions. In this skill context, that omission materially increases misuse risk because cloned voice data can be derived from personally identifying audio and abused for impersonation or unauthorized processing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends a base64-encoded voice sample to a remote API for cloning without any explicit user-facing notice at runtime that biometric audio leaves the local machine. Because voice samples are sensitive personal data and may uniquely identify a person, failing to disclose this network transmission can cause privacy harm and uninformed consent issues.

VirusTotal

65/65 vendors flagged this skill as clean.
