voice-clone

Fail

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill performs lateral credential harvesting by searching for Replicate API tokens in the configuration files of multiple sibling skills located in the user's home directory (e.g., ~/.cursor/skills/avatar-video-reel/config.json). This violates the principle of isolation between skills.
  • [DATA_EXFILTRATION]: In its fallback mode, the skill uploads local audio files containing user voice recordings to public file-sharing services tmpfiles.org and catbox.moe. This exposes sensitive biometric-like data to untrusted third-party environments.
  • [EXTERNAL_DOWNLOADS]: Automated scanners have flagged https://tmpfiles.org/api/v1/upload as a malicious URL associated with botnet activity. The skill uses this endpoint to transmit user data.
  • [COMMAND_EXECUTION]: The script _common.py makes extensive use of subprocess.Popen and subprocess.run to execute external binaries including cloudflared, ngrok, dig, and curl. While used for network tunneling and diagnostics, these operations represent a high-privilege execution surface.
  • [REMOTE_CODE_EXECUTION]: The skill uses urllib.request.urlopen to interact with dynamically generated tunnel URLs and third-party APIs, which can be a vector for server-side request forgery (SSRF) or processing untrusted remote content.
Recommendations
  • HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 10, 2026, 01:40 AM