Skill Trust Decision
lessac_offline_voice_system
The skill claims 'fully offline' with 'no data leaves your machine,' but actually uses edge-tts which transmits audio/text to Microsoft cloud servers - a significant doc-to-code mismatch indicating potential data exfiltration.
Most direct threat evidence
High Doc Mismatch
False claim of offline operation SKILL.md explicitly states 'Fully offline: No internet connection required' and 'Privacy-focused: All processing happens locally' and 'No data leaves your machine'. However, the implementation uses 'edge-tts' which is Microsoft's cloud TTS service that sends audio text to Microsoft servers.
SKILL.md:7 Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
5 lower-risk artifacts were extracted and still need context.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
3 dependency or supply-chain issues need attention.
What drove the risk score up
Doc-to-code mismatch (network behavior) +25
SKILL.md claims 'fully offline' and 'no data leaves your machine' but uses edge-tts which sends data to Microsoft cloud
Undeclared network access +15
edge-tts package makes HTTPS requests to Microsoft servers for TTS generation
Unpinned Python dependencies +10
pip install without version pinning for faster-whisper, edge-tts, soundfile
Shell injection risk +5
subprocess.run with shell=True in voice_handler.py
Most important evidence
High Doc Mismatch
False claim of offline operation
SKILL.md explicitly states 'Fully offline: No internet connection required' and 'Privacy-focused: All processing happens locally' and 'No data leaves your machine'. However, the implementation uses 'edge-tts' which is Microsoft's cloud TTS service that sends audio text to Microsoft servers.
SKILL.md:7 Either remove the edge-tts dependency and use local Piper TTS only, or update documentation to clearly disclose cloud dependency and data transmission.
High Data Exfil
Audio data transmitted to Microsoft cloud
The edge-tts package (installed in install.sh:85) makes HTTPS requests to Microsoft servers to generate TTS audio. This means user-provided text and any processed audio is sent to external servers, contradicting the skill's privacy claims.
scripts/install.sh:85 Remove edge-tts dependency if true offline operation is required. Use only self-hosted Piper TTS.
Medium Supply Chain
Unpinned Python package versions
Python packages are installed without version constraints: 'pip install faster-whisper edge-tts soundfile'. This allows dependency substitution attacks.
scripts/install.sh:85 Pin versions: pip install faster-whisper==X.Y.Z edge-tts==X.Y.Z soundfile==X.Y.Z
Low RCE
subprocess with shell=True
The voice_handler.py uses subprocess.run with shell=True for ffmpeg execution. While ffmpeg commands are typically static, shell=True introduces potential command injection risk if audio filenames are user-controlled.
scripts/voice_handler.py:39 Use subprocess.run with shell=False and pass arguments as a list for safer execution.
Declared capability vs actual capability
Filesystem Pass
Declared READ
→ Inferred WRITE
install.sh:100 - Creates config files, copies scripts to $INSTALL_DIR Network Block
Declared NONE
→ Inferred WRITE
SKILL.md claims offline, but edge-tts sends data to Microsoft servers Shell Pass
Declared NONE
→ Inferred WRITE
voice_handler.py:39 - Uses subprocess for ffmpeg (documented CLI tool) Suspicious artifacts and egress
Medium External URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/high/en_US-lessac-high.onnx README.md:75
Medium External URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/high/en_US-lessac-high.onnx.json README.md:76
Medium External URL
https://huggingface.co/rhasspy/piper-voices SKILL.md:165
Medium External URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/ryan/high/en_US-ryan-high.onnx references/voice_models.md:57
Medium External URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/ryan/high/en_US-ryan-high.onnx.json references/voice_models.md:58
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| faster-whisper | * | pip | No | Version not pinned |
| edge-tts | * | pip | No | Version not pinned - Microsoft cloud service |
| soundfile | * | pip | No | Version not pinned |
File composition
8 files · 1419 lines
Markdown 3 files · 592 linesPython 3 files · 422 linesShell 2 files · 405 lines
Files of concern · 5
scripts/install.sh Audio data transmitted to Microsoft cloud · Unpinned Python package versions
SKILL.md False claim of offline operation · https://huggingface.co/rhasspy/piper-voices
README.md https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/high/en_US-lessac-high.onnx · https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/high/en_US-lessac-high.onnx.json
references/voice_models.md https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/ryan/high/en_US-ryan-high.onnx · https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/ryan/high/en_US-ryan-high.onnx.json
scripts/voice_handler.py subprocess with shell=True
Other files · test_skill.py · voice_integration.sh · piper_tts.py
Security positives
No evidence of credential harvesting from environment variables
No base64-encoded payloads or obfuscated code
No reverse shell or direct C2 communication detected
No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
Python code is readable and auditable
Dependencies come from standard, well-known packages (faster-whisper, piper-tts)