minimax_ttsvoicereponse_feishu
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward MiniMax text-to-speech helper, with the main considerations being that it uses a MiniMax API key, sends requested text to MiniMax, and runs ffmpeg locally.
Before installing, make sure you are comfortable sending the text you want spoken to MiniMax, provide only a protected MiniMax API key, and install ffmpeg/requests from trusted sources. The artifacts do not show malicious behavior, but the Feishu sending step appears to rely on external OpenClaw message-tool integration rather than this script alone.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can consume MiniMax account quota or privileges associated with the provided key.
The script reads a MiniMax API key and uses it as a Bearer token for the MiniMax API. This is expected for the stated TTS function, but it is still a provider credential that users must protect.
api_key = os.environ.get("MINIMAX_VOICE_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a scoped or easily revocable MiniMax key, prefer environment variables over checked-in config files, and rotate the key if it is exposed.
Any text converted to speech may be processed by MiniMax and subject to that provider's privacy and retention practices.
The text to be spoken is sent to MiniMax's external TTS API. This is disclosed and purpose-aligned, but it means voice-reply text leaves the local/OpenClaw environment.
API_URL = "https://api.minimaxi.com/v1/t2a_v2" ... "text": text ... requests.post(API_URL, ... json=request_data, timeout=60)
Do not send secrets or highly sensitive content through this skill unless MiniMax's terms and privacy handling are acceptable.
A malicious or unexpected ffmpeg binary on the system path, or an unintended output path, could affect local files.
The script invokes the local ffmpeg binary to convert MP3 output into OGG. This is central to the stated audio-conversion purpose, but it depends on the ffmpeg binary found on the user's PATH and overwrites the chosen output path.
ffmpeg_result = subprocess.run(["ffmpeg", "-i", mp3_path, "-c:a", "libopus", "-b:a", "128k", "-ar", "48000", output_path, "-y"], ...)
Install ffmpeg from a trusted source and use the default or another trusted output location.
Security depends partly on the package manager sources and the local ffmpeg/requests versions installed by the user.
The skill relies on manually installed dependencies rather than a pinned install specification. This is common and disclosed for a TTS helper, but users should be aware of dependency provenance.
pip install requests ... sudo apt install ffmpeg ... brew install ffmpeg
Install dependencies from trusted package repositories and keep them updated.