Trust Assessment
openai-tts received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Sensitive path access: AI agent config"; "Sensitive environment variable access: $OPENAI_API_KEY"; and "JSON Injection via Unvalidated Parameters".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config | Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/nicoataiza/openai-tts-bak-2026-01-28t18-01-23-10-30/SKILL.md:45 |
| MEDIUM | Sensitive environment variable access: $OPENAI_API_KEY | Access to sensitive environment variable '$OPENAI_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/nicoataiza/openai-tts-bak-2026-01-28t18-01-23-10-30/scripts/speak.sh:59 |
| MEDIUM | JSON Injection via Unvalidated Parameters | The `model`, `voice`, `format`, and `speed` parameters are directly interpolated into the JSON payload sent to the OpenAI API without proper validation or escaping. An attacker can inject arbitrary JSON key-value pairs into the request body by providing specially crafted input for these parameters. For example, providing `--model 'tts-1", "malicious_key": "value'` or `--speed '1.0, "malicious_key": "value'` would result in a valid JSON structure with injected fields. While the OpenAI API might ignore unknown fields, this bypasses intended input validation and could potentially be used to probe for undocumented API features or cause unexpected behavior. Implement strict validation for `model`, `voice`, `format`, and `speed` parameters against a whitelist of allowed values and numeric ranges before interpolating them into the JSON payload. If input is invalid, the script should exit or use a safe default. For string values, ensure they are properly JSON-escaped if not validated against a whitelist. For numeric values, ensure they are strictly numeric and within expected bounds. | LLM | scripts/speak.sh:50 |
| LOW | Arbitrary File Write via Output Path | The script allows the user to specify an arbitrary output file path via the `--out` flag. This path is used in `mkdir -p "$(dirname "$out")"` and `curl -o "$out"`. While the use of `dirname` and quoting around `$out` mitigates direct command injection, it still allows the skill to write files to any location on the filesystem where the script has write permissions. This could lead to overwriting critical files, filling up disk space, or writing malicious content if the skill is executed with elevated privileges or in a sensitive directory. Restrict the output path to a designated temporary directory or a subdirectory within the skill's own workspace. If arbitrary paths are necessary, implement robust path sanitization and validation to prevent writing to sensitive system locations. Consider adding a confirmation step for writes outside of a safe default directory. | LLM | scripts/speak.sh:80 |