Aliyun Qwen Tts Voice Design
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Alibaba Cloud Qwen TTS voice-design helper; users should mainly notice that it needs a provider API credential and an external Python SDK install.
Before installing, make sure you are comfortable using an Alibaba Cloud/DashScope API key and installing the DashScope SDK. Run it in a virtual environment, use a scoped credential if available, and review generated output files before sharing them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your Alibaba Cloud/DashScope access to perform voice-design or speech-synthesis operations.
The skill requires a provider credential to access Alibaba Cloud Model Studio. This is expected for the stated TTS purpose, but users should understand the account access and possible billing/usage implications.
Set `DASHSCOPE_API_KEY` in your environment, or add `dashscope_api_key` to `~/.alibabacloud/credentials`.
Use a least-privileged API key where possible, avoid putting secrets in prompts or output files, and monitor provider usage/billing.
Installing the SDK will add third-party code to the local Python environment used for the workflow.
The skill instructs installation of an external Python SDK without pinning a version. This is a normal provider SDK setup step, but it leaves dependency version/provenance to the user environment.
python -m pip install dashscope
Install in a virtual environment as shown, consider pinning a known-good DashScope version, and use normal package-source hygiene.