Edge TTS 儿童配音定制版

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese text-to-speech helper that generates MP3 audio, with minor caveats around broad triggers and external TTS processing.

Install if you are comfortable with text being processed by Microsoft Edge TTS and generated MP3 files being posted into the current conversation. For stricter control, use explicit prompts to avoid accidental activation and consider reviewing or pinning the referenced edge-tts dependency.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list includes very generic terms such as “TTS”, “语音”, and “配音”, which are likely to appear in normal conversation and can cause the skill to activate unintentionally. In a skill that auto-generates and sends files to the conversation, accidental invocation increases the chance of unwanted network use, file generation, and confusing or surprising agent behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal