Skills
skills/yusufferdogan/openclaw-qwen-tts-skill/qwen3-tts/Gen Agent Trust Hub

qwen3-tts

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The scripts/setup-python.sh script downloads a Miniforge installer directly from GitHub. While GitHub is a trusted source, the script executes the downloaded shell script (bash /tmp/miniforge.sh), which is a common but inherently risky pattern if the source is compromised.
  • COMMAND_EXECUTION (LOW): The skill contains several shell scripts that execute Python scripts and manage environment state. These are standard for local AI setups but involve multiple subprocess calls.
  • DATA_EXPOSURE (INFO): Several scripts (generate-audio.py, generate-audio.sh, voice-reply.sh) contain hardcoded absolute paths pointing to /Users/yusuf/.... This exposes a specific local username and will lead to execution failures on other systems unless the environment variables are manually overridden.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 04:22 AM