ClawHub

Telegram Offline Voice

Security checks across malware telemetry and agentic risk

Overview

The skill does generate Telegram voice files, but it is marketed as offline/local while its TTS path appears provider-backed and may expose the text being spoken.

Review this as an online/provider-backed TTS wrapper unless the publisher updates it to use a truly local engine or clearly documents the external data flow. Avoid using it for private, regulated, or sensitive message text, and install uv through a verified package-manager or pinned installer instead of piping a remote script directly into the shell.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documents shell-based installation and execution behavior but does not declare corresponding permissions, creating a mismatch between stated trust boundaries and actual capabilities. In an agent environment, undeclared shell access can lead users or orchestrators to run commands with broader system impact than expected.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is described as performing local/offline voice generation, but it uses edge-tts, which sends content to a remote service for synthesis. This mismatch can cause users to disclose sensitive text under the false assumption that processing stays on-device, creating a significant privacy and trust risk.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The implementation includes network-backed TTS functionality that is inconsistent with the stated offline/local purpose. In a skill explicitly marketed for local generation, undisclosed remote processing materially increases the security impact because users may choose it specifically to avoid external transmission of message contents.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
User-provided text is passed to edge_tts.Communicate and saved via a cloud-backed TTS workflow without any notice, warning, or confirmation. If users submit private or regulated content, that information may be exposed to third-party processing unexpectedly.

External Script Fetching

Low
Category
Supply Chain
Content
sudo apt update && sudo apt install ffmpeg python3-pip -y

# 推荐安装 uv 以极速运行封装脚本
curl -LsSf https://astral.sh/uv/install.sh | sh
```

## 🚀 使用方法 (推荐)
Confidence
98% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
sudo apt update && sudo apt install ffmpeg python3-pip -y

# 推荐安装 uv 以极速运行封装脚本
curl -LsSf https://astral.sh/uv/install.sh | sh
```

## 🚀 使用方法 (推荐)
Confidence
97% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal