Skill Trust Decision

chattts

A hardcoded non-localhost IP address (172.23.252.114:8020) in both SKILL.md and the script creates an undeclared network destination, with no clear legitimate reason to avoid environment-based configuration.

Source: Manual upload · Scanned: Apr 4, 2026
Files 2 · Artifacts 2 · Violations 0 · Findings 2

Most direct threat evidence

High · IP Address · 172.23.252.114

Why this conclusion was reached

1/4 dimensions flagged
Pass · Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.

Block · Hidden execution and egress
1 high-risk artifact or egress signal was extracted.

Pass · Attack chain and severe findings
There is no explicit malicious chain in the report.

Review · Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Hardcoded IP address in script +15

Script defaults to http://172.23.252.114:8020 when CHATTTS_API_URL is unset

Non-localhost network destination +10

IP 172.23.252.114 is a private IP address, which suggests external infrastructure rather than a local TTS server

Metadata declares hardcoded IP as requirement +6

SKILL.md metadata specifies env=['http://172.23.252.114:8020'] as the primary environment

Most important evidence

Medium Sensitive Access

Hardcoded fallback IP address

The script uses a hardcoded IP address (172.23.252.114:8020) as a fallback when CHATTTS_API_URL is not set. This creates a network dependency to an unspecified external endpoint without clear documentation of its trustworthiness.

scripts/tts.mjs:48

Remove the hardcoded IP fallback. Require CHATTTS_API_URL to be explicitly set, or default to localhost (127.0.0.1:8020) for local-only operation.

Medium Doc Mismatch

Non-localhost network destination declared as requirement

The SKILL.md metadata explicitly declares http://172.23.252.114:8020 as the primaryEnv requirement. For a typical TTS skill, a local server (localhost) would be expected. Using a private IP suggests external infrastructure without justification.

SKILL.md:4

If external TTS servers are legitimate use cases, document why. Otherwise, default to localhost for user privacy and security.

Declared capability vs actual capability

Network · Pass · Declared READ · Inferred READ
SKILL.md:4 metadata declares env=['http://172.23.252.114:8020']

Shell · Pass · Declared WRITE · Inferred WRITE
SKILL.md usage shows 'node {baseDir}/scripts/tts.mjs'

Filesystem · Pass · Declared NONE · Inferred NONE
No file operations in scripts/tts.mjs

Environment · Pass · Declared READ · Inferred READ
scripts/tts.mjs:48 reads process.env.CHATTTS_API_URL

Suspicious artifacts and egress

High · IP Address · 172.23.252.114 · SKILL.md:4

Medium · External URL · http://172.23.252.114:8020 · SKILL.md:4

Dependencies and supply chain

There are no structured dependency warnings.

File composition

2 files · 87 lines
JavaScript 1 file · 60 lines
Markdown 1 file · 27 lines

Files of concern · 2
scripts/tts.mjs · JavaScript · 60 lines · Hardcoded fallback IP address
SKILL.md · Markdown · 27 lines · Non-localhost network destination declared as requirement · 172.23.252.114 · http://172.23.252.114:8020

Security positives

Skill functionality is straightforward: text-to-speech via HTTP API
No credential harvesting or sensitive file access
No obfuscation techniques (base64, eval) detected
Uses standard Node.js fetch API for HTTP requests
Environment variable CHATTTS_API_URL is supported as primary configuration method