ai-voice-cloning

[Skill Scanner] Pipe-to-shell or eval pattern detected The skill README and examples are consistent with a hosted TTS/voice‑cloning service and do not contain code-level malware indicators. The main supply-chain/operational risks are (1) executing a remote install script via curl | sh (installer can run arbitrary local commands) and (2) sending user text, media URLs, and credentials to external hosted services (inference.sh and other app backends), which may store or process data. There are no hardcoded secrets or obfuscated code in the provided document. Recommend verifying the authenticity and reputation of inference.sh before running the installer and reviewing the service's privacy/data retention policies if sensitive content or voice cloning of real people is involved. LLM verification: The SKILL.md itself is functional documentation for using a hosted TTS/voice-cloning service (inference.sh). It does not contain code that is obviously malicious, but it recommends a high-risk install pattern (curl | sh) and routes user-provided text/media through remote services (inference.sh and referenced third-party models). Those behaviors present supply-chain and data-exfiltration risks if the remote provider or installer script is untrusted. Recommend reviewing the installer script before