TTS文字转语音

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward text-to-speech skill that sends requested text to a disclosed external TTS endpoint and returns an audio file.

Install only if you are comfortable sending the text you ask it to read to tts.wangwangit.com. Do not use it for passwords, confidential business material, private records, or regulated data unless you have independently vetted that service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases are broad enough to match ordinary conversation, which can cause the skill to activate unexpectedly and send user-provided text to the external TTS service without sufficiently clear intent. In this skill's context, accidental activation increases privacy risk because arbitrary user content may be transmitted off-platform.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill omits a clear warning that input text is sent to a third-party service at tts.wangwangit.com. This is dangerous because users may provide sensitive, private, or regulated information expecting local processing, resulting in unintended disclosure to an external operator.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal