Trust Assessment
openclaw-virtual-gf-tts received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Arbitrary File Write via Unrestricted Output Path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send. Function 'stream_tts' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/altonappleton32-ux/openclaw-sarvam-girlfriend/scripts/bulbul_tts.py:46 |
| HIGH | Arbitrary File Write via Unrestricted Output Path. The `scripts/bulbul_tts.py` script accepts an `--out` argument to specify the output file path for the synthesized audio. The skill's design implies that the Large Language Model (LLM) will construct and execute this command. If the LLM can be prompted to provide an arbitrary or malicious file path (e.g., `/etc/passwd`, `/tmp/malicious.sh`, or paths outside the intended working directory), the skill could be exploited to write to sensitive system locations, overwrite critical files, or place executable content in unexpected places. The `Path(args.out)` constructor does not sanitize or restrict the provided path. Restrict the output path to a specific, temporary, and sandboxed directory (e.g., `/tmp/skill_output/`). Implement strict validation on the `--out` argument to prevent directory traversal (e.g., disallow `../`) and ensure the path is within the designated safe output directory. Consider using a fixed, unique filename within the sandbox rather than allowing full path control. | LLM | scripts/bulbul_tts.py:69 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/altonappleton32-ux/openclaw-sarvam-girlfriend/scripts/bulbul_tts.py:5 |
| MEDIUM | Sensitive Data Transmission to Third-Party API. The skill's primary function involves sending user-provided text (via the LLM's generated reply) to the `https://api.sarvam.ai/text-to-speech/stream` third-party API. While this is the intended behavior for text-to-speech conversion, it means any sensitive or personally identifiable information (PII) that a user provides, and which the LLM incorporates into its reply, will be transmitted to an external service. Although the skill includes guardrails for content, the underlying mechanism allows for the transmission of potentially sensitive data outside the local environment, posing a privacy risk if not adequately disclosed or if the LLM's guardrails are bypassed. Clearly document to the end-user that their input text will be sent to a third-party text-to-speech provider. Implement robust input sanitization and content filtering within the LLM's prompt engineering or the skill's code to prevent the inclusion of sensitive PII or other confidential data in the text sent to the external API. Regularly review and strengthen the LLM's persona and safety guardrails. | LLM | scripts/bulbul_tts.py:40 |