Security audit

Chinese TTS

Security checks across malware telemetry and agentic risk

Overview

This skill coherently converts Chinese text to speech for Feishu voice messages, with no hidden persistence or unrelated behavior found.

Install only if you intend to use Microsoft Edge TTS and Feishu for these voice messages. Avoid secrets, credentials, regulated data, or confidential business text unless you are comfortable with those external services processing or carrying the content, and confirm the Feishu recipient before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger language is broad enough to match common words like 'voice' or 'audio', which can cause the skill to activate in contexts the user did not intend. In an agent environment, unintended invocation can lead to unnecessary external tool execution, file creation, or sending audio messages when the user expected a normal text response.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
Forcing Chinese output without explicit user choice can cause the assistant to transform content into an unintended language or locale. While this is more of a safety and UX issue than a direct exploit, it can still lead to misdelivery, user confusion, or accidental disclosure if audio is generated or sent in a form the user did not request.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script sends arbitrary input text to `edge-tts`, which relies on an external TTS service, but provides no warning, consent flow, or indication that user content leaves the local environment. This creates a real privacy risk if the skill is used on sensitive messages, credentials, or internal data, especially in an agent workflow where users may assume local processing.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.