speakturbo-tts
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
Full Analysis
- REMOTE_CODE_EXECUTION (SAFE): The automated scan alert is a False Positive. Analysis confirms the code performs a local HTTP GET request to a daemon running on 127.0.0.1 for health checks and audio streaming; it does not download or execute arbitrary remote code.
- COMMAND_EXECUTION (SAFE): The skill uses subprocesses to launch its local Python-based TTS daemon and to trigger system audio players (afplay or aplay) for playback. These commands are necessary for the skill's primary function and do not exhibit malicious patterns such as privilege escalation.
- EXTERNAL_DOWNLOADS (SAFE): The installation process involves downloading dependencies from PyPI and cloning from GitHub. These are standard and transparent procedures for software installation and do not involve unverifiable or risky sources.
- DATA_EXFILTRATION (SAFE): No exfiltration vectors were detected. Network activity is strictly limited to the local loopback interface (127.0.0.1) for communication between the CLI and the daemon.
- PROMPT_INJECTION (SAFE): No instructions designed to override agent behavior, bypass safety filters, or extract system prompts were found.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata