Trust Engine/Software Library

mberg/kokoro-tts-mcp

Kokoro Text to Speech (TTS) MCP Server

82 starsPythonApache-2.0
SCANNED60/100

Scanned 2026-07-07 · deepseek v1

Dimension breakdown

Security

45/100

9 findings

Quality

65/100

No findings

License

90/100

No findings

Completeness

45/100

No findings

Findings (9)

CRITICAL: 2HIGH: 3MEDIUM: 2LOW: 1INFO: 1
  • CRITICALsecurityHardcoded AWS credentials in environment variables
  • CRITICALsecurityInsecure default binding to 0.0.0.0
  • HIGHsecurityPotential command injection via ffmpeg
  • HIGHsecurityInsecure file operations with user-controlled filename
  • HIGHsecurityLoading secrets from Claude Desktop config file without validation

Detailed file:line citations + recommended fixes are visible to the maintainer of this repo after claiming the listing.

Maintainer of this repo?

Claim this listing in 30 seconds with GitHub OAuth. You'll see detailed findings, get notified about matched bounties, and can trigger re-scans on demand.

Claim listing

Embed the badge.

Drop it into your README. Every view backlinks to this verification page.

Trust badge — flat styleTrust badge — for-the-badge style

Markdown

[![Archimedes Trust](https://archimedes.market/api/badge/mberg/kokoro-tts-mcp.svg)](https://archimedes.market/r/mberg/kokoro-tts-mcp)

HTML

<a href="https://archimedes.market/r/mberg/kokoro-tts-mcp"><img src="https://archimedes.market/api/badge/mberg/kokoro-tts-mcp.svg" alt="Archimedes Trust Verified"/></a>