Trust Assessment
piper-tts received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 4 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/das-monki/piper-tts/scripts/piper-tts.py:109 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'convert_audio'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/das-monki/piper-tts/scripts/piper-tts.py:109 |
| HIGH | **Potential data exfiltration: file read + network send.** Function 'send_to_matrix' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/das-monki/piper-tts/scripts/piper-tts.py:145 |
| HIGH | **Unsanitized user input in ffmpeg output path.** The `convert_audio` function executes `ffmpeg` using `subprocess.run`, passing the user-controlled `--output` argument directly as the output file path. While `subprocess.run` with a list of arguments (default `shell=False`) generally mitigates direct shell injection, an attacker could craft the `output_path` to exploit `ffmpeg`'s own argument parsing or file system interactions. This could lead to unintended file overwrites, denial of service (e.g., writing to special device files), or potentially more complex command execution if `ffmpeg` interprets special characters in the path in an exploitable manner. This vulnerability is present when the skill is invoked directly via its command-line interface, as demonstrated in the `SKILL.md` usage examples. Sanitize the `output_path` argument to ensure it is a valid and safe file path before passing it to `ffmpeg`. This can involve validating characters, ensuring it's not an absolute path outside expected directories, or using `pathlib.Path` to resolve and normalize the path. For `ffmpeg`, ensuring the path is a simple filename or a path within a designated output directory is best practice. | LLM | scripts/piper-tts.py:109 |
| HIGH | **Sensitive audio exfiltration to arbitrary Matrix room.** The `send_to_matrix` function loads `MATRIX_HOMESERVER` and `MATRIX_ACCESS_TOKEN` from local `.env` files and uses these credentials to upload generated audio to a Matrix homeserver. The destination `room_id` is directly controlled by the user via the `--room-id` command-line option. If the input text to the TTS skill contains sensitive information, an attacker could specify an arbitrary `room_id` to exfiltrate the resulting sensitive audio file to a Matrix room they control, leveraging the stored Matrix credentials. Implement strict validation for the `room_id` argument to ensure it points only to authorized or pre-configured Matrix rooms. Avoid allowing arbitrary `room_id` values when sensitive data might be processed. Additionally, ensure that the `MATRIX_ACCESS_TOKEN` has the minimum necessary permissions and scope to limit potential damage if compromised. | LLM | scripts/piper-tts.py:119 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/das-monki/piper-tts/scripts/piper-tts.py:28 |