ClawHub

Inworld TTS

v1.0.0

Text-to-speech via Inworld.ai API. Use when generating voice audio from text, creating spoken responses, or converting text to MP3/audio files. Supports multiple voices, speaking rates, and streaming for long text.

1· 2.1k·4 current·4 all-time
by@gugic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the behavior: the script calls Inworld.ai TTS endpoints to produce MP3 output. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and scripts clearly require INWORLD_API_KEY (a Basic Base64 key). This mismatch should be corrected.
Instruction Scope
SKILL.md instructions are scoped to generating TTS: instructing the user to set INWORLD_API_KEY, install/copy the script, and run curl/jq/base64 against Inworld endpoints. There are no instructions to read unrelated system files or to transmit data to unexpected hosts.
Install Mechanism
There is no automated install spec (instruction-only), which keeps risk low. The included script is executed locally. The docs suggest optionally symlinking into /usr/local/bin — that requires elevated write access and is a local decision; review the script before creating global symlinks.
!
Credentials
Functionally the skill only needs a single service credential (INWORLD_API_KEY with Voices: Read), which is proportionate. The concern is the metadata omission: required env vars/primary credential are not declared in the registry, creating an information gap. Also SKILL.md suggests persisting the key in ~/.bashrc or ~/.clawdbot/.env; users should be aware this stores a secret on disk.
Persistence & Privilege
The skill does not request always: true and does not alter other skills or global agent configuration. Its suggested persistence (storing env var in shell profile) is a local, user-controlled action rather than an automatic privilege escalation by the skill.
Assessment
This skill appears to do exactly what it says — post text to Inworld.ai and decode the returned base64 audio to an MP3. Before installing: 1) Be aware you must supply INWORLD_API_KEY (a Basic Base64 key) — the registry metadata currently omits that requirement; 2) Create a least-privileged Inworld key (Voices: Read) rather than a full account key; 3) Avoid blindly adding secrets to ~/.bashrc or world-readable files — consider a secure credential store or restricted-permission .env; 4) Review scripts/tts.sh yourself (it is short and readable) before symlinking it into /usr/local/bin; 5) Network traffic will go to api.inworld.ai (expected for this skill). If you need the registry metadata to list required env vars for auditing, ask the publisher to update it or decline until corrected.

Like a lobster shell, security has layers — review code before you run it.

latestvk97360b8khbe17vgqm7pjb93yn808cv2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments