Back to skill

Security audit

Pocket Tts

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local text-to-speech helper, with no evidence of hidden exfiltration or destructive behavior, but users should understand its model-download and voice-cloning implications.

Before installing, expect Python dependencies and possibly model files to be downloaded, then verify whether your environment permits Hugging Face access. Use voice cloning only with clear consent from the speaker and treat voice samples as sensitive personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation makes a strong safety/privacy claim that the skill is fully local and offline with no internet connection, but other sections require accepting a Hugging Face license and note a first-run model download. This can mislead users into running the skill in restricted or privacy-sensitive environments under false assumptions about network behavior and external dependencies.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The feature list advertises complete offline operation and no API calls, but later instructions and code examples depend on remote Hugging Face resources and first-run downloads. In a security context, contradictory claims about network access are dangerous because they can bypass user scrutiny and violate environment policies.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill promotes voice cloning from arbitrary WAV samples without any warning about consent, impersonation, or privacy risks. This increases the likelihood of misuse for non-consensual cloning, social engineering, or handling biometric voice data without appropriate safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.