sherpa-onnx-tts

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the sherpa-onnx runtime binaries and voice models from the official 'k2-fsa' GitHub repository (https://github.com/k2-fsa/sherpa-onnx). These are well-known resources for this technology.
  • [COMMAND_EXECUTION]: The Node.js wrapper script bin/sherpa-onnx-tts uses spawnSync to execute the local sherpa-onnx-offline-tts binary. This is the primary function of the skill and follows safe practices by using an argument array rather than a shell string, which prevents command injection.
  • [DYNAMIC_EXECUTION]: The script modifies environment variables like LD_LIBRARY_PATH, DYLD_LIBRARY_PATH, and PATH at runtime. This is done to ensure the downloaded shared libraries in the runtime directory are correctly located by the operating system's dynamic linker when the TTS binary runs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:40 PM