Back to skill
Skillv1.1.0
ClawScan security
Crazyrouter Tts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 10, 2026, 1:06 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code is a simple TTS client, but registry metadata omits the required API key and the package lacks provenance (no homepage/author), and the runtime can read local files and upload their contents — these inconsistencies and data-exfil risk warrant caution.
- Guidance
- What to check before installing: - Confirm the API key requirement: SKILL.md and the script require CRAZYROUTER_API_KEY (and optionally CRAZYROUTER_BASE_URL). The registry metadata omits this — ask the publisher to fix the metadata before trusting the skill. - Verify provenance: there is no homepage or verified owner. Prefer skills with a clear homepage, repository, or known publisher. - Be cautious with input files: the script will read any file you pass with --input and upload its contents to Crazyrouter. Do not use it on sensitive files (passwords, private keys, PII) unless you trust the service and key scope. - Limit and monitor the API key: use a scoped, revocable key if possible; rotate/revoke if you suspect misuse. - Run in a sandbox or isolated environment if you want to test: the code is small and readable, but network calls send data off-host — test with non-sensitive text first. - If you need higher assurance, request a signed source repository or contact the publisher for proof of identity and a homepage before installing.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md and scripts clearly require CRAZYROUTER_API_KEY (and optionally CRAZYROUTER_BASE_URL) to call Crazyrouter's API, but the registry metadata lists no required environment variables or primary credential. The lack of a homepage/owner provenance increases the concern — the requested credential is expected for a TTS client, but the metadata omission is an incoherence.
- Instruction Scope
- noteThe SKILL.md instructs the agent to run a local Node script which reads text or an input file and POSTs it to https://crazyrouter.com/v1/audio/speech. That behavior is consistent with TTS, but reading an arbitrary --input file and sending its contents to a remote API is a potential data-exfiltration vector and should be used only with trusted files and services.
- Install Mechanism
- okThis is instruction-only with a bundled small script (no install spec). Nothing is downloaded or installed at evaluation time, which reduces install-time risk.
- Credentials
- concernThe runtime expects CRAZYROUTER_API_KEY (and optionally CRAZYROUTER_BASE_URL), but the registry metadata does not declare these env vars or a primary credential. Requesting an API key for a TTS provider is reasonable, but the missing declaration and absent homepage/author metadata are disproportionate and reduce trust.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills, and has no install hooks; autonomous invocation is allowed (platform default) but not combined with elevated privileges. No persistent system-wide changes are visible.