Trust Assessment
mlx-tts received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include System-wide package installation via `brew`, Unpinned dependencies and prerelease packages.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | System-wide package installation via `brew` The `install.sh` script uses `brew install` to install `ffmpeg` and `uv`. This grants the skill the ability to modify the system's installed software and environment. If the agent's execution environment is not sufficiently sandboxed, this could lead to the installation of malicious software or system compromise. This represents an excessive permission for a skill. Skills should ideally operate within a self-contained environment (e.g., virtual environments, containers) and avoid system-wide package installations. If system-wide tools are absolutely necessary, consider pre-installing them in the agent's environment or using a more restricted, user-scoped installation method. | LLM | install.sh:3 | |
| MEDIUM | Unpinned dependencies and prerelease packages The `install.sh` script installs `ffmpeg`, `uv`, and `mlx-audio` without specifying exact versions. This means that future executions of the skill could pull different versions of these dependencies, potentially introducing breaking changes, vulnerabilities, or even malicious code if a package repository is compromised. The use of `--prerelease=allow` for `mlx-audio` further increases this risk by allowing unstable or unvetted versions to be installed. Pin all dependencies to specific, known-good versions (e.g., `brew install ffmpeg@5.1`, `uv tool install "mlx-audio==0.1.0"`). Avoid using `--prerelease=allow` in production environments unless absolutely necessary and with careful vetting. Implement checksum verification for downloaded packages where possible. | LLM | install.sh:3 |
Scan History
Embed Code
[](https://skillshield.io/report/76f6972a9e9cbb9e)
Powered by SkillShield