Back to skill

Security audit

Free voice from Comfy UI + Qwen3 TTS

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward helper for generating Russian voice audio with a local ComfyUI setup, with no hidden or unrelated behavior found.

Install only if you intend to use this with a trusted local Windows ComfyUI setup. Verify that the desktop shortcut, ComfyUI plugin, Qwen3 model, localhost service, and output folder are yours and trusted, and only ask it to generate audio from text you are comfortable sending as a voice message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to automatically send the generated audio as a voice message, but it does not require explicit user confirmation before transmission. This can cause unintended sharing of synthesized content, especially if the text contains sensitive, private, or misleading material and the user did not intend immediate delivery.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.