Security audit

Edge Tts Global

Security checks across malware telemetry and agentic risk

Overview

This text-to-speech skill appears legitimate, but its cleanup helper can delete files outside the intended temporary audio workflow.

Review before installing. The TTS workflow is coherent, but use it only where the agent has limited filesystem access or after changing cleanup to delete only files created under the workspace temp/ directory. Also confirm you trust the globally installed edge-tts binary and are comfortable sending text to that TTS provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The cleanup function deletes any user-supplied file paths without constraining them to files created by this skill or to a dedicated temp directory. In the context of a TTS skill, arbitrary file deletion is unnecessary and expands the skill's authority beyond its stated purpose, enabling destructive misuse if an agent passes sensitive paths.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The CLI exposes the cleanup subcommand directly, allowing arbitrary caller-provided paths to be deleted through Path.unlink(). Because the skill is supposed to generate speech audio, this deletion capability is unrelated to user intent and creates a dangerous primitive for wiping files in the workspace or elsewhere accessible to the process.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal