Ai Audio Tts

Security checks across malware telemetry and agentic risk

Overview

This skill appears to use a cloud media backend in ways broader and more automatic than its stated voiceover/TTS purpose clearly explains.

Install only if you are comfortable sending prompts, media files, and project state to the NemoVideo backend and with the skill using anonymous or NEMO_TOKEN-backed sessions. Review non-voiceover edit, upload, state, and render actions carefully, and confirm before processing sensitive or proprietary media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest presents the skill as narrowly scoped TTS/video voiceover conversion, but the body exposes a broader cloud media-editing system with uploads, state inspection, rendering, and generalized edit routing. This scope mismatch is dangerous because users and host platforms may grant trust or permissions based on the declared purpose while the skill can perform materially broader remote operations than expected.

Vague Triggers

Medium
Confidence: 93%
Finding
Routing 'everything else' to a generic SSE action creates an overly permissive catch-all path that can forward unexpected user input to a remote backend with broad editing semantics. In this skill, that backend can interpret freeform commands for uploads, edits, state changes, and render operations, increasing the risk of unintended remote actions, data disclosure, or abuse beyond the advertised TTS workflow.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to automatically obtain an anonymous token and establish a remote session before doing anything else, without a clear user-facing disclosure that data and prompts will be sent to an external service. This undermines informed consent and can result in users unknowingly transmitting scripts, media metadata, or files to a third-party API.

VirusTotal

64/64 vendors flagged this skill as clean.