TopMediai TTS

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward TopMediai text-to-speech integration, with expected external API use and no hidden persistence or destructive behavior found.

Install only if you are comfortable sending synthesis text, selected voice data, and your TopMediai API key to the configured TopMediai endpoint. Keep the .env file private, use a dedicated API key if possible, leave TOPMEDIAI_BASE_URL set to the official service unless you trust another endpoint, avoid sensitive text, and do not enable TOPMEDIAI_DEBUG when processing private content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Tainted flow: 'url' from os.environ.get (line 113, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
    headers = _headers(api_key)
    _debug_request("GET", url, headers=headers)
    try:
        r = requests.get(url, headers=headers, timeout=30)
        r.raise_for_status()
        return r.json()
    except Exception as e:
Confidence
91% confidence
Finding
r = requests.get(url, headers=headers, timeout=30)

Tainted flow: 'url' from os.environ.get (line 113, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
    headers = _headers(api_key)
    _debug_request("GET", url, headers=headers)
    try:
        r = requests.get(url, headers=headers, timeout=60)
        r.raise_for_status()
        return r.json()
    except Exception as e:
Confidence
91% confidence
Finding
r = requests.get(url, headers=headers, timeout=60)

Tainted flow: 'url' from os.environ.get (line 113, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
    headers = _headers(api_key)
    _debug_request("GET", url, headers=headers)
    try:
        r = requests.get(url, headers=headers, timeout=60)
        r.raise_for_status()
        return r.json()
    except Exception as e:
Confidence
91% confidence
Finding
r = requests.get(url, headers=headers, timeout=60)

Tainted flow: 'url' from os.environ.get (line 113, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    payload["emotion"] = emotion
    _debug_request("POST", url, headers=headers, payload=payload)
    try:
        r = requests.post(url, json=payload, headers=headers, timeout=120)
        r.raise_for_status()
        return r.json()
    except Exception as e:
Confidence
94% confidence
Finding
r = requests.post(url, json=payload, headers=headers, timeout=120)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly requires access to an environment variable for `TOPMEDIAI_API_KEY` and makes outbound network requests to external TopMediai endpoints, yet the manifest does not declare corresponding permissions. This creates a transparency and governance problem: users and platforms cannot accurately assess what sensitive capabilities the skill uses, increasing the risk of unexpected secret access and external data transmission.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to configure an external TopMediai API key and use a text-to-speech command, but it does not clearly disclose that user-provided text will be sent to a third-party service for processing. This can lead users to unknowingly transmit sensitive or regulated content outside their environment, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documents external API calls for voice listing and text-to-speech generation but does not clearly warn that user-provided text, selected speaker, and related parameters are sent to a third-party TopMediai service. This omission can lead users to submit sensitive or proprietary content without realizing it leaves the local environment, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The CLI forwards arbitrary user-provided text to the external TopMediai service via text_to_speech() without any visible warning, consent prompt, or indication that the content leaves the local environment. This creates a privacy and data-handling risk because users may unknowingly submit sensitive or regulated text to a third-party API.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
When TOPMEDIAI_DEBUG is enabled, the code logs the full text-to-speech payload, which includes the full input text and possibly sensitive user content. Even though the API key is masked, debug logs can still expose private prompts, personal data, or proprietary text to local logs or centralized logging systems.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.1
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.1
Confidence
95% confidence
Finding
python-dotenv>=1.0.1

VirusTotal

63/63 vendors flagged this skill as clean.
