Back to skill

Security audit

openai-tts-python

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward OpenAI text-to-speech skill with expected API, file-read, and audio-output behavior, but users should be mindful that submitted text is processed by OpenAI and the activation terms are broad.

Install only if you are comfortable sending the text you convert to OpenAI and using your OpenAI API key, which may incur charges. Avoid secrets, regulated data, or confidential documents unless your policies allow it, and invoke the skill with explicit TTS requests because some activation keywords are broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to send arbitrary text to OpenAI's TTS API but does not disclose that the content will be transmitted to a third-party external service. This can lead to accidental exposure of sensitive, confidential, or regulated data when users assume the conversion is local or privacy-preserving.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation list includes overly broad, everyday terms such as "voice," "podcast," "speak," and "tts," which can cause the skill to trigger in contexts where the user did not explicitly request text-to-speech. In an agent environment, unintended invocation can route sensitive or unrelated text into an external API, creating privacy, cost, and workflow-integrity risks even though the skill’s purpose is legitimate.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script transmits user-provided text to OpenAI's external TTS API, but it does not clearly warn the user at the point of use that their content will leave the local environment for third-party processing. In a CLI utility that can read from files or stdin, this can cause accidental disclosure of sensitive text if a user assumes processing is local.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation phrases include highly generic terms such as "voice," "audio," and "podcast," which can cause the skill to trigger in situations where the user did not explicitly ask to send content to a TTS provider or write an audio file. In this skill’s context, accidental activation is more concerning because the skill transmits user text to an external API and produces local output files, creating privacy and consent risks rather than direct code-execution risk.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest description defines activation using broad and ambiguous conditions, including common words and accessibility-related situations that may be present in normal conversation without a clear request to invoke this skill. Because the skill sends text to OpenAI’s API, ambiguous triggering can lead to unintended disclosure of user-provided or sensitive text and unexpected generation of files.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not warn users that input text is sent to a third-party API and that generated audio is written to disk, which can undermine informed consent and lead to accidental exposure of sensitive data. In a TTS skill, this omission is materially relevant because users may paste confidential text expecting local-only transformation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.