Back to skill
Skillv1.1.0
VirusTotal security
Truly Local Piper Multilang TTS (secure) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:27 AM
- Hash
- 4e6acd25dd492b11c188420515f2d056f263c625b7de984070ec263ef0754439
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: local-piper-tts-multilang-secure Version: 1.1.0 This skill is classified as benign. The code and documentation demonstrate strong security practices, including the use of `child_process.execFile` with argument arrays to prevent shell injection, rigorous input sanitization (`path.basename()`) and path validation (`startsWith(PIPER_DIR)`) to prevent path traversal, and explicit HTTPS-only downloads with URL component validation for voice models from a legitimate source (HuggingFace). User confirmation is required for setup and voice downloads, and all operations are confined to the skill's isolated virtual environment and the OpenClaw workspace. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection against the agent. The skill's behavior is fully aligned with its stated purpose of providing local, offline text-to-speech.
- External report
- View on VirusTotal