MOSS-TTS Voice

Security checks across malware telemetry and agentic risk

Overview

This skill is a MOSS Studio text-to-speech and voice-cloning client whose behaviour is openly disclosed, but users should treat voice samples and the API key as sensitive.

Install only if you are comfortable sending selected text and voice recordings to MOSS Studio. Clone only voices you have permission to use, verify the exact audio file path before running clone or reference-audio commands, keep MOSS_API_KEY out of logs/screenshots/repositories, and rotate the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger phrases are broad and overlap with common user requests such as generating audio, TTS, or sending voice files, which can cause the skill to activate in situations where users did not specifically intend voice cloning or third-party upload behavior. In this skill, that matters because activation can lead to external API use and possible upload of reference audio to a remote service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide documents uploading user audio and cloning voices but does not warn about consent, biometric privacy, impersonation risk, retention, or downstream misuse. In a voice-cloning skill, this omission is security-relevant because users may be prompted to transmit highly sensitive voice data to an external service without informed authorization safeguards.

Missing User Warnings

Medium
Confidence: 95%
Finding
The troubleshooting instructions explicitly encourage printing the API key with `echo $MOSS_API_KEY` and hardcoding example secrets such as `API_KEY = "sk-xxx"` / `export MOSS_API_KEY="sk-xxx"` without warning users not to expose or commit credentials. This increases the chance of credential disclosure through terminal history, screen sharing, logs, shell history, or copied snippets, which could let an attacker misuse the MOSS account and associated voice services.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script uploads a user-specified local file to a remote voice-cloning API without any confirmation, warning, or validation of what is being sent. In this skill context, the file is likely voice data, which is highly sensitive biometric information, so silent transmission increases privacy and consent risks.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill transmits user-provided text and potentially highly sensitive reference voice audio to a third-party TTS service without any explicit consent, warning, or privacy gate. In a voice-cloning context, that increases privacy and misuse risk because biometric voice data and message contents leave the local environment and may be retained by the vendor.

VirusTotal

65/65 vendors flagged this skill as clean.