voice-clone
Fail
Audited by Snyk on Jul 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The code intentionally exposes local voice files via public tunnels and — if no tunnel is available — uploads them to third‑party hosts (tmpfiles.org / catbox.moe), which results in deliberate data exfiltration of potentially sensitive audio; it also auto-reads Replicate API tokens from sibling skill config files.
Issues (1)
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata