Trust Assessment
qwen-tts received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 6 critical, 5 high, 2 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: requests", and "Potential data exfiltration: file read + network send".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/paki81/qwen-tts/scripts/tts-voicedesign.py:20 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/paki81/qwen-tts/scripts/tts-voicedesign.py:22 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/paki81/qwen-tts/scripts/tts-voicedesign.py:103 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/paki81/qwen-tts/scripts/tts.py:13 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/paki81/qwen-tts/scripts/tts.py:25 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/paki81/qwen-tts/scripts/tts.py:160 |
| HIGH | Potential data exfiltration: file read + network send. Function 'synthesize' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/paki81/qwen-tts/scripts/tts-voicedesign.py:67 |
| HIGH | Potential data exfiltration: file read + network send. Function 'synthesize_remote' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/paki81/qwen-tts/scripts/tts.py:128 |
| HIGH | User input sent to arbitrary remote server: The `tts.py` script sends user-provided text and other parameters to a remote server whose URL can be specified by the user via the `--remote` argument or the `QWEN_TTS_REMOTE` environment variable. This allows for potential data exfiltration if a malicious or untrusted remote server URL is provided by the user or an attacker. Implement strict validation and whitelisting for `remote_url` if remote execution is necessary. If the skill is intended for local execution only, remove the remote execution capability. Clearly warn users about the implications of providing untrusted remote URLs. | LLM | scripts/tts.py:100 |
| HIGH | User input sent to arbitrary remote server (VoiceDesign client): The `tts-voicedesign.py` script sends user-provided text, voice descriptions, and other parameters to a remote server whose URL can be specified by the user via the `--remote` argument or the `QWEN_TTS_REMOTE` environment variable. This allows for potential data exfiltration if a malicious or untrusted remote server URL is provided by the user or an attacker. Implement strict validation and whitelisting for `remote_url` if remote execution is necessary. If the skill is intended for local execution only, remove the remote execution capability. Clearly warn users about the implications of providing untrusted remote URLs. | LLM | scripts/tts-voicedesign.py:41 |
| HIGH | Arbitrary model loading from user-controlled input: The `server.py` script allows users to specify an arbitrary `model_name` via the `model` field in the POST request body to `/tts` or via the `--model` argument when starting the server. The `load_model` function then calls `Qwen3TTSModel.from_pretrained(model_name, ...)`. Loading machine learning models from untrusted or arbitrary sources can lead to arbitrary code execution during the model loading process (e.g., if the model's configuration or associated files contain malicious code). This is a significant supply chain risk and a potential command injection vector. Restrict the `model_name` parameter to a predefined whitelist of trusted model identifiers. If dynamic model loading is required, implement robust validation and sandboxing mechanisms to prevent the execution of arbitrary code from untrusted model files. Consider signing models or using secure model registries. | LLM | scripts/server.py:76 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/paki81/qwen-tts/scripts/tts-voicedesign.py:31 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/paki81/qwen-tts/scripts/tts.py:50 |