Skill v1.0.0

ClawScan security

Microsoft Edge TTS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 11, 2026, 2:05 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions match a text‑to‑speech purpose, but it tells the agent to run npx/require('node-edge-tts') with no version, source verification, or homepage — a supply‑chain / execution risk you should be aware of.
Guidance
This skill appears to do what it claims (convert text to speech), but it instructs the agent to run code fetched from npm (npx node-edge-tts) with no package version, repository link, or checksum. That means unknown third‑party code will be executed — a supply‑chain and privacy risk. Before installing or running: (1) verify the npm package name and maintainer on npmjs.com and review its source repo/README, (2) prefer a pinned version and checksum, (3) run it in a sandboxed environment or container, (4) consider using an official Microsoft/Azure SDK (which requires an API key) or a locally installed TTS engine if you need stronger provenance or offline processing, and (5) avoid sending sensitive text to an unknown online service since network calls may transmit your content.

Review Dimensions

Purpose & Capability
note: Name/description (Edge TTS) align with the runtime instructions (use the node-edge-tts package via npx or as a module) and all user-facing options are consistent with TTS functionality. However, source/homepage are missing and owner is opaque, which reduces confidence in provenance.
Instruction Scope
concern: SKILL.md directs the agent to invoke npx (runtime download+execute) and require('node-edge-tts'). While these steps are within the TTS purpose, they implicitly cause execution of third‑party code fetched from npm at runtime and give that code discretion to perform arbitrary actions. The instructions do not pin a package version, checksum, or repository URL.
Install Mechanism
concern: There is no install spec in the skill bundle; instead the documentation relies on npx to fetch a package from the npm registry on demand. Using npx/unpinned module execution is a moderate‑to‑high supply‑chain risk because it will run remote code with no integrity verification. No official project homepage, repository link, or package version is provided to validate the package.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The only network‑relevant options are proxy and timeout parameters. From the manifest, there is no unexplained credential request.
Persistence & Privilege
ok: The skill does not request permanent presence (always:false) and does not declare any special privileges or config path modifications. It appears not to modify other skills or system settings.