Trust Assessment
pocket-tts received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Arbitrary command execution", "Missing required field: name", and "Dangerous call: os.system()".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sherajdev/pocket-tts/cli.py:100 |
| CRITICAL | Dangerous call: os.system(). Call to 'os.system()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/sherajdev/pocket-tts/cli.py:100 |
| HIGH | Arbitrary file write via user-controlled output path. The `--output` argument allows a user to specify an arbitrary file path for saving the generated audio. A malicious user could direct the output to sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) to overwrite or append data. If the input text (`args.text`) contains sensitive information, this could lead to data exfiltration or system disruption by writing user-generated content to critical locations. Restrict output file paths to a designated, sandboxed directory (e.g., a temporary directory or a user-specific output folder). Implement strict validation and sanitization of file paths to prevent directory traversal attacks and ensure files are only written to allowed locations. | LLM | cli.py:115 |
| HIGH | Arbitrary file read via user-controlled voice file path. The `--voice-file` argument allows a user to specify an arbitrary file path to be used as a custom voice sample. This means the skill can be coerced into reading any file on the filesystem, including sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`). The content of these files could then potentially be processed by the TTS model, or if the model has any logging/debugging features, the content could be exposed, leading to data exfiltration. Restrict input file paths to a designated, sandboxed directory. Implement strict validation and sanitization of file paths to prevent directory traversal attacks and ensure only allowed files can be read. | LLM | cli.py:106 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sherajdev/pocket-tts/SKILL.md:1 |
| MEDIUM | Direct shell command execution via os.system. The skill uses `os.system` to execute a shell command (`pocket-tts serve`). While the command itself is hardcoded and appears to re-invoke the skill's own server functionality, `os.system` is a dangerous primitive that allows arbitrary shell command execution. If the `pocket-tts` command could be hijacked (e.g., via PATH manipulation or a malicious executable with the same name), this could lead to arbitrary code execution on the host system. Replace `os.system` with `subprocess.run` for better control, security, and error handling. Ensure that the command being executed is fully qualified or invoked directly within Python to prevent PATH hijacking. | LLM | cli.py:80 |