Trust Assessment
MiniMax 多人对话语音合成 received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Path Traversal in Output File Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send Function 'download_audio' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/hexiaochun/sutui-minimax-tts/scripts/merge_audio.py:64 | |
| HIGH | Path Traversal in Output File Paths The skill explicitly constructs output file paths using `../../../` to write `dialogue.json` and `merged.mp3` to a directory three levels above its current execution context. This allows the skill to write files outside its designated workspace, potentially overwriting critical system files or user data in parent directories. This is a severe path traversal vulnerability. Restrict file output to the skill's designated workspace or a temporary directory within it. Avoid using path traversal sequences like `../` in output paths. Ensure the skill's execution environment enforces strict sandboxing for file system operations. | LLM | SKILL.md:200 | |
| HIGH | Untrusted External Service for URL Generation (SSRF/Malicious Content Risk) The skill relies on an external `user-速推AI` tool to generate audio URLs (`output_format: "url"`). The `scripts/merge_audio.py` then downloads content from these URLs using `requests.get`. If the `user-速推AI` service is compromised or malicious, it could provide URLs that lead to Server-Side Request Forgery (SSRF) against internal network resources, or cause the skill to download and process malicious files disguised as audio. This introduces a significant supply chain risk. Implement strict URL validation (whitelist domains, block internal IPs, prevent `file://` schemes) before downloading content from URLs provided by external services. Consider sandboxing network requests. Evaluate the trustworthiness and security posture of the `user-速推AI` service. | LLM | SKILL.md:100 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/hexiaochun/sutui-minimax-tts/scripts/merge_audio.py:27 | |
| MEDIUM | Indirect Command Injection Risk via FFmpeg Dependency The `scripts/merge_audio.py` script relies on `pydub`, which internally invokes the `ffmpeg` command-line tool. While `pydub` generally passes arguments safely as a list to `subprocess.Popen` (mitigating direct shell injection), `ffmpeg` is a powerful external binary. If a highly sophisticated attacker could craft specific audio file metadata or manipulate `pydub`'s internal `ffmpeg` command construction (e.g., through a malformed `output_path` or `format` if they were user-controlled), it could potentially lead to command injection. The current skill hardcodes the output path, reducing the direct user-controlled risk, but the underlying dependency on `ffmpeg` still presents a potential attack surface. Ensure `pydub` and `ffmpeg` are kept up-to-date to patch known vulnerabilities. Consider using a more isolated environment (e.g., containerization) for executing `ffmpeg` commands if user-controlled inputs could influence its arguments. | LLM | scripts/merge_audio.py:120 |
Scan History
Embed Code
[](https://skillshield.io/report/ad5f123c75a11c84)
Powered by SkillShield