voice-clone

Fail

Audited by Snyk on Jul 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The code intentionally exposes local voice files via public tunnels and — if no tunnel is available — uploads them to third‑party hosts (tmpfiles.org / catbox.moe), which results in deliberate data exfiltration of potentially sensitive audio; it also auto-reads Replicate API tokens from sibling skill config files.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 10, 2026, 01:41 AM
Issues
1