Skill v1.0.1
ClawScan security
mmVoiceMaker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 12:00 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the stated TTS and audio workflows, but the package metadata omits required credentials and there are mismatches between what the skill declares and what its instructions/code actually require — the inconsistencies merit caution before installing.
- Guidance: Key things to consider before installing or using:
  - Metadata mismatch: the registry claims 'no required env vars' but the skill and its check script require MINIMAX_VOICE_API_KEY (and optionally MINIMAX_API_BASE). Do not proceed without confirming where that API key comes from and what permissions it has.
  - Network calls: the code will call https://api.minimaxi.com (or whatever MINIMAX_API_BASE you set). Verify the API provider is legitimate and that sending audio and transcripts to it matches your privacy policy.
  - Run checks in a safe workspace: follow the instructions to run python check_environment.py and run the CLI from an isolated folder or container so the tool's temp files (./audio/tmp/) cannot overwrite important data.
  - Review included code if you can: because the package includes Python scripts, inspect scripts/ for any unexpected endpoints, logging of secrets, or upload routines before providing your API key.
  - If unsure, run in an isolated environment (VM/container) and/or provide a least-privilege API key (if provider supports scoping) or a test account. Resolve the metadata inconsistency with the skill author (who/what is the MiniMax service and why were required env vars omitted) before trusting it with sensitive inputs.
Review Dimensions
- Purpose & Capability (concern): The name/description (MiniMax TTS + FFmpeg) match the included code and docs: the code implements TTS, cloning, design, and FFmpeg-based audio processing. However, the registry metadata claims no required environment variables or credentials while both SKILL.md and the code clearly require MINIMAX_VOICE_API_KEY (and optionally MINIMAX_API_BASE). That metadata omission is an incoherence: someone implementing this skill legitimately needs the API key and FFmpeg, so the declared metadata is incorrect or incomplete.
- Instruction Scope (note): Runtime instructions tell the agent to run check_environment.py, create and validate segments.json, save intermediate and final audio files under the agent's current working directory, and to contact the MiniMax API. The instructions therefore require filesystem write access in the agent's cwd and network access to api.minimaxi.com. Nothing in the instructions directs broad or unrelated data collection, but the agent will create potentially many temp files (./audio/tmp/) and is told to persist temp files until the user confirms — be careful to run in a safe directory and review produced files before deleting.
- Install Mechanism (ok): There is no external install step or remote download in the skill bundle — the Python source files are included in the package. That reduces supply-chain risk relative to arbitrary remote installs. The code expects typical Python dependencies (requests, websockets) and FFmpeg, but there is no automatic installer; the user/agent must install those separately.
- Credentials (concern): Although the registry lists no required env vars, both SKILL.md and check_environment.py require MINIMAX_VOICE_API_KEY (and support MINIMAX_API_BASE). The skill will read that environment variable and use it to authenticate to the MiniMax API. This mismatch between declared and actual required credentials is a material inconsistency and should be resolved before use. Aside from the API key and FFmpeg, no unrelated credentials are requested.
- Persistence & Privilege (note): The skill is not marked always:true and does not request elevated platform privileges. It does write temporary and output audio files into the agent's working directory and suggests manual cleanup (rm -rf ./audio/tmp/). That file-writing behavior is expected for audio production but means you should avoid running it from sensitive system directories and confirm file locations before running destructive cleanup commands.
