openai-tts-python

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OpenAI text-to-speech tool, with expected privacy and cost considerations because it sends requested text to OpenAI and uses an API key.

Install only if you are comfortable sending the text you convert to OpenAI and using your OpenAI API key, which may incur charges. Avoid using it for secrets, regulated data, or confidential documents unless your OpenAI account and policies allow that, and consider invoking it only with explicit TTS requests because its activation keywords are broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README describes text-to-speech functionality but does not clearly disclose that user-provided text is transmitted to OpenAI's external API for processing. This can mislead operators into sending sensitive, regulated, or confidential content off-host without informed consent, creating privacy, compliance, and data-handling risk.

Vague Triggers

Medium
Confidence: 93%
Finding
The activation triggers are broad and include common words like "voice," "podcast," "speak," and "tts," which can cause the skill to activate in unintended contexts. This can lead to accidental invocation, surprise API usage, unintended processing of user text, and increased cost or privacy exposure if sensitive text is converted without a clear explicit request.

Vague Triggers

Medium
Confidence: 85%
Finding
The summary describes activation through vague phrase categories rather than strict invocation rules, reinforcing ambiguous routing behavior. While this line alone does not execute anything, it encourages implementations that may over-trigger the skill and makes accidental activation more likely.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script transmits user-supplied text to OpenAI's external TTS service, but the CLI flow does not provide an explicit privacy warning or consent checkpoint before sending potentially sensitive file or stdin contents off-host. In a security context this is a real data-exposure risk, especially because the tool accepts arbitrary file input and piped content that users may assume is processed locally.

Vague Triggers

Medium
Confidence: 91%
Finding
The activation terms are broad enough to match ordinary conversation words like 'voice', 'audio', or 'speak', which can cause the skill to trigger outside narrowly intended TTS requests. In an agent system, this increases the chance of inappropriate routing, unexpected API usage, and accidental transmission of user content to an external service.

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest description defines activation with ambiguous, loosely bounded conditions, including broad contextual cues and keyword matching, which can make the skill eligible in situations not specifically requesting speech synthesis. That creates a prompt-selection weakness where unrelated or sensitive text may be sent to the TTS API unintentionally.

VirusTotal

63/63 vendors flagged this skill as clean.
