Podcast Agent

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill’s behavior matches a podcast generator, but users should notice that it fetches web content, installs/uses Edge TTS, and sends script text to Microsoft’s TTS service.

This looks safe for generating podcasts from public articles. Before installing, be aware that setup uses an unpinned Python dependency, the skill will fetch web pages, and podcast script text is sent to an external TTS provider. Avoid using it with confidential source material unless that data sharing is acceptable.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or misleading article could influence the generated script if the agent treats page text as instructions instead of source material.

Why it was flagged

The workflow places retrieved web article content into the agent’s reasoning context. This is expected for the skill, but web pages can contain misleading or prompt-injection-style text.

Skill content

The agent uses `web_search` to search for relevant articles... After reading the articles, the agent generates a dialogue-style script.

Recommendation

Use the skill for trusted or reviewable sources, and ensure the agent treats fetched article text as data to summarize, not as instructions to follow.

What this means

The skill will contact external websites selected during the podcast-generation workflow.

Why it was flagged

The CLI fetches user- or agent-selected URLs. The code includes SSRF-style checks that block private/internal addresses, so the network fetch is purpose-aligned and partially bounded.

Skill content

safe, reason = validate_url(url) ... urllib.request.urlopen(req, timeout=15)

Recommendation

Review or constrain the URLs used for source articles if you need tighter control over outbound network access.

What this means

Installing an unpinned package may produce different code over time depending on the package repository state.

Why it was flagged

The setup uses an unpinned package install outside a formal install spec. This is central to the TTS purpose, but users should be aware of the dependency source and version.

Skill content

pip install edge-tts

Recommendation

Install from a trusted Python package index and consider pinning a known-good `edge-tts` version.

What this means

Any text placed in the podcast script may be transmitted to the external TTS service.

Why it was flagged

Each podcast script segment is sent to the Edge TTS provider for audio synthesis. SKILL.md also discloses that edge-tts requires internet access and uses Microsoft TTS.

Skill content

communicate = edge_tts.Communicate(text=text, voice=voice, rate=rate, pitch=pitch)

Recommendation

Avoid including confidential, private, or regulated information in podcast scripts unless you are comfortable sending it to the TTS provider.