mmEasyVoice
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a legitimate MiniMax text-to-speech skill, but users should notice that it needs a MiniMax API key and may send text or voice samples to MiniMax.
This skill is reasonable for generating speech with MiniMax. Before installing or using it, be prepared to provide a MiniMax API key, avoid sending confidential text unless acceptable under MiniMax’s terms, and only use voice-cloning features with permission from the speaker.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide an API key that can consume their MiniMax account quota or permissions.
The skill requires a MiniMax API credential to access the provider. This is expected for a MiniMax voice API integration, but it is sensitive account access and the registry metadata does not declare a primary credential.
- MINIMAX_VOICE_API_KEY environment variable (required)
Use a dedicated, least-privileged MiniMax API key if possible, and avoid sharing logs or environment dumps that could expose the key.
Sensitive or private text given to the skill may be transmitted to MiniMax for speech generation.
The code places user text into a request payload sent to the MiniMax asynchronous text-to-speech endpoint. This is purpose-aligned, but it means text content is processed by an external provider.
payload["text"] = text ... endpoint="t2a_async_v2"
Only submit text you are comfortable sending to the MiniMax service, and review MiniMax’s data handling terms for sensitive or regulated content.
Audio samples used for cloning may be uploaded to MiniMax and could create a reusable synthetic voice.
The included SDK exposes voice-cloning upload and clone functions. This is disclosed as an advanced voice feature, but voice samples are sensitive and may represent a person's identity.
Voice Cloning ... upload_clone_audio ... clone_voice ... quick_clone_voice
Only clone voices with clear permission from the speaker, and delete unused custom voices when they are no longer needed.
The skill may run FFmpeg locally to process audio files and write outputs to user-specified paths.
Audio processing invokes the local FFmpeg binary. This is expected for merging and converting audio and does not use shell execution, but it is still local command execution on user-provided files.
subprocess.run(["ffmpeg"] + args, capture_output=True, text=True, timeout=timeout)
Use trusted input audio files and verify output paths before running merge or conversion commands.
Future installs may resolve to newer dependency versions than the author tested.
The skill depends on standard Python packages using minimum-version ranges rather than exact pinned versions. This is common, but it makes installations less reproducible.
requests>=2.28.0 websockets>=10.0 ffmpeg-python>=0.2.0
Install in a virtual environment and consider pinning dependency versions if reproducibility is important.