characteristic-voice
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests using
yt-dlpto download audio/subtitles for voice cloning. Thespeak.shscript also makes authenticated HTTP requests tonoiz.ai/v1to perform text-to-speech synthesis and voice selection. - [COMMAND_EXECUTION]: The script executes
curlfor API interactions andkokoro-ttsfor local synthesis. It also utilizes a small Python helper for Base64 encoding/decoding and JSON parsing, which is implemented safely via heredocs without dynamic execution of untrusted input. - [DATA_EXPOSURE]: The script manages a sensitive API key stored at
~/.noiz_api_key. Security best practices are followed by setting file permissions to600(read/write for owner only) during theconfigcommand.
Audit Metadata