mmVoiceMaker
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent MiniMax voice/audio tool, with expected but sensitive use of an API key, third-party audio/text processing, and local FFmpeg file operations.
This skill appears coherent and purpose-aligned. Before installing or using it, be comfortable giving it a MiniMax API key, sending text or voice recordings to MiniMax, and allowing it to create temporary/final audio files in your working directory. Use only voice samples you have permission to clone and prefer a dedicated, revocable API key.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who runs this skill is allowing the agent to make MiniMax API calls using their API key, potentially consuming quota and managing account voice resources.
The skill reads a MiniMax API key from the environment and uses it as a bearer token for MiniMax API requests, which is necessary for the stated service integration but gives the agent access to the user's MiniMax account operations.
api_key = os.getenv("MINIMAX_VOICE_API_KEY") ... "Authorization": f"Bearer {api_key}" ... url = "https://api.minimaxi.com/v1/text_to_speech/voice_list"Use a dedicated, revocable MiniMax API key if possible, avoid exposing it in chat logs, and revoke or rotate it when no longer needed.
Text and voice recordings used for synthesis or cloning may be transmitted to MiniMax, which can be sensitive or subject to consent requirements.
The documented voice-cloning flow uploads a local speaker recording to MiniMax and creates a custom voice asset; this is purpose-aligned but involves sensitive voice/audio data sent to an external provider.
file_id = upload_clone_audio("speaker.mp3")
result = clone_voice(
file_id=file_id,
voice_id="custom-001",Only use audio you have rights and consent to process, and review MiniMax's data retention and privacy terms before cloning voices.
The skill can create and delete local audio files in the working directory during normal use.
The skill writes generated audio and temporary files into the current working directory and later removes temporary files; this is appropriate for audio production and includes user confirmation before cleanup.
Generate and merge audio → intermediate files in `<cwd>/audio/tmp/`, final output in `<cwd>/audio/output.mp3` ... User confirms audio quality FIRST → THEN cleanup temp files
Run it from a project directory where generated `audio/` files are expected, and verify outputs before allowing cleanup.
Installation or first use may require extra setup that is not visible from the registry metadata alone.
The registry metadata under-declares runtime needs, while the skill documentation separately describes required packages, FFmpeg, and a MiniMax API key; this is a packaging/metadata gap rather than hidden behavior.
Required binaries: none ... Required env vars: none ... Primary credential: none ... No install spec — this is an instruction-only skill.
Before use, review the included setup docs, install only the stated dependencies, and confirm FFmpeg and the MiniMax key are intentionally configured.