audiobook

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only audiobook skill whose web fetching, API-key use, and cloud text-to-speech calls match its stated purpose.

Install only if you are comfortable sending the text you convert to the selected TTS provider, including Google-backed gTTS when no API key is used. Avoid confidential, regulated, or sensitive internal documents unless the provider terms and your organization allow it, and use API keys intended for this task because paid providers may incur costs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill sends fetched or user-supplied text to third-party TTS providers but does not prominently warn that content will leave the local environment. This can expose sensitive article contents, private notes, or copyrighted material to external services without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal