🗣️ Edge-TTS Skill using uvx
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Text being converted to speech should be handled as a command argument safely; otherwise unusual characters in the text could affect command parsing.
The skill's core workflow inserts message text into a shell command. This is purpose-aligned for text-to-speech, but unsafe interpolation could mis-handle shell metacharacters if the runner does not escape arguments correctly.
uvx edge-tts --text "{msg}" --write-media {tempdir}/{filename}.mp3Use safe argument passing or robust shell escaping, and keep generated output paths within a controlled temporary directory.
The command may resolve to whatever `edge-tts` package version is available in the user's environment, so future package changes could affect behavior.
The skill depends on `uvx` to run `edge-tts`, but the artifacts do not pin a package version or provide a homepage/source reference. This is central to the skill's purpose, not hidden behavior.
requires": {"bins": ["uvx"]} ... uvx edge-tts --text "{msg}"Verify the `edge-tts` package source before use and consider pinning a known-good version if reproducibility matters.
Sensitive text converted to speech may be sent to Microsoft Edge's TTS service for processing.
The artifact discloses use of an external TTS provider, meaning text submitted for speech generation may leave the local environment.
Generate high-quality text-to-speech audio using Microsoft Edge's neural TTS service
Avoid sending confidential or regulated text unless the user accepts the provider's privacy and retention terms.