rupali
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward voice-reply skill, with the main things to notice being its use of a Sarvam API key and sending generated text to Sarvam for audio synthesis.
This skill looks safe for its stated purpose, but install it only if you are comfortable providing a Sarvam API key and having generated reply text sent to Sarvam for MP3 creation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the configured Sarvam account/API quota to synthesize audio.
The skill needs a Sarvam API credential to perform text-to-speech. This is purpose-aligned, but users should know an external service credential is required despite the registry metadata listing no required environment variables.
Requires `SARVAM_API_KEY` in environment.
Use a dedicated Sarvam API key if possible, keep it scoped/rotatable, and monitor provider usage.
Anything included in the generated voice reply may be transmitted to Sarvam for audio generation.
The text selected for synthesis is sent to Sarvam's external TTS endpoint. This matches the skill's purpose, but it is still a third-party data flow.
API_URL = "https://api.sarvam.ai/text-to-speech/stream" ... payload = { "text": text, ... }Avoid using this skill for private or sensitive content unless that provider data flow is acceptable.
Installation or execution may fail if the runtime does not already include the dependency, and the registry metadata does not fully describe setup needs.
The helper depends on the Python requests package while the supplied install specifications say there is no install spec. This is a minor dependency/setup declaration gap, not evidence of malicious code.
import requests
Confirm the runtime has the required Python dependency and that the Sarvam API key is intentionally configured before use.