ClawHub

Auto-Talk-TTS

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed text-to-speech skill, but it tries to automatically speak every assistant message and send that text to an external TTS service without clear consent or control.

Install only if you intentionally want every assistant reply spoken aloud and are comfortable with generated text being processed by Microsoft Edge TTS. Avoid adding the mandatory SOUL.md rule unless you also add an explicit off switch, and verify the missing auto-speak wrapper before relying on the package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
97% confidence
Finding
The skill declares that every message will be automatically spoken, creating an always-on side effect with no scoping, exclusions, or consent boundary. In practice this can cause sensitive content, secrets, or private user data in otherwise text-only responses to be transmitted to an external TTS service and played aloud unexpectedly.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The usage section makes invocation fully automatic for every message, which is too broad for a skill that triggers external actions. This ambiguity increases the chance that the agent will invoke TTS on content the user did not intend to vocalize or send to a third-party service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill states it uses Microsoft's Edge neural TTS service for every message but does not present a clear privacy warning or consent mechanism. That means potentially sensitive conversation content may be transmitted to a remote service without the user understanding the data-sharing implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill auto-installs packages and runs background audio generation/playback without clearly warning about system modification and asynchronous execution. This creates supply-chain and execution-risk concerns, and can surprise users by changing the environment or launching background processes without approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal