Back to plugin

Security audit

SoundAI TTS Provider

Security checks across malware telemetry and agentic risk

Overview

This appears to be a focused SoundAI text-to-speech provider that sends text to SoundAI using a SoundAI API key and returns audio.

If you install this, expect text sent for speech synthesis to be transmitted to SoundAI's cloud API along with your SoundAI API key. Only use a custom baseUrl if you trust that endpoint. The main inconsistency is metadata quality: the registry says no environment variables are required, but the plugin does need SOUNDAI_API_KEY.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
audio.ts:26
Evidence
const apiKey = settings.apiKey || process.env.SOUNDAI_API_KEY;

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:10
Evidence
const apiKey = settings.apiKey || process.env.SOUNDAI_API_KEY;