Back to skill

Security audit

Telegram Offline Voice

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims operationally, but it is marketed as offline/private while routing spoken text through Edge-TTS, which creates a real privacy disclosure concern.

Treat this as an online/provider-backed TTS wrapper unless the publisher updates it to use a truly local engine or clearly documents the external data flow. Avoid private, regulated, or sensitive message text, and prefer installing uv through a verified package manager or pinned installer rather than piping a remote script into the shell.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises shell-based installation and execution steps (`apt`, `curl | sh`, `uv run`) but does not declare corresponding permissions or execution capabilities. This creates a trust and policy gap: an agent or reviewer may underestimate that the skill can cause system-level side effects, package installation, and script execution.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documentation states the solution is 'completely offline/local' while relying on Microsoft Edge-TTS, which is typically a network-backed service rather than a purely local speech engine. This can mislead users into sending potentially sensitive text to an external provider under a false privacy assumption, causing data exposure and compliance risk.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The file repeatedly markets the skill as '100% local' and 'completely offline' while also centering functionality on Edge-TTS, creating contradictory and materially misleading privacy/security claims. In a voice-generation skill, users are likely to input messages, notes, or sensitive content; inaccurate privacy assertions increase the chance they disclose data they would not otherwise share.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is described as local/offline voice generation, but it imports and uses edge-tts, which relies on a remote service for synthesis. This creates a trust and privacy mismatch: users may provide sensitive text assuming it never leaves the host, when in fact it is transmitted externally.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The generate_voice function performs network-dependent speech synthesis despite the skill being framed as offline/local. In this skill context, that discrepancy is more dangerous because users are likely to use it specifically to avoid external transmission of message content, including potentially sensitive Telegram-related text.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User-supplied text is sent to an external TTS service without any visible disclosure, warning, or consent mechanism. This can leak private or sensitive content and is especially problematic because the skill branding implies local/offline handling, which lowers user suspicion and increases the chance of unintended data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal