ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edge TTS English

v1.0.2

Generate high-quality English (and multilingual) audio using Microsoft Edge TTS. Use when the user asks to "speak this", "pronounce", "read aloud", "say this...

1· 305·0 current·0 all-time
byMikhail@davydenkovm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Edge TTS English) match the included script and SKILL.md. The script invokes /root/.local/bin/edge-tts to produce MP3 output — this is exactly what the skill claims to do.
Instruction Scope
SKILL.md instructs running scripts/speak.sh with text, voice, and output path then sending the MP3 via the platform message tool. The script only passes those arguments to edge-tts and writes an output file; it does not read unrelated files, environment variables, or endpoints itself.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md states edge-tts must be installed via pipx and references /root/.local/bin/edge-tts. That mismatch is not dangerous but means the skill will fail (or behave unexpectedly) if the binary is absent or at a different path. No third-party downloads or unknown URLs are present in the skill itself.
Credentials
The skill does not request environment variables, credentials, or config paths. This is proportionate for a simple TTS wrapper. Note: the edge-tts client it relies on may perform network calls to Microsoft services; that external behavior is not controlled by the skill's declared requirements.
Persistence & Privilege
Skill is not always-enabled and uses default model invocation behavior. It does not attempt to modify other skills or system-wide configs and only writes its own output file (default /tmp/edge_tts_output.mp3).
Assessment
This skill appears to do what it says: call the edge-tts client to produce MP3 audio and return it. Before installing, verify that you are willing to (a) let the agent run a local binary at /root/.local/bin/edge-tts (or change the path to where you installed it), and (b) allow edge-tts to communicate with Microsoft services — any text you send for TTS may be transmitted to Microsoft endpoints by that client. Because the registry entry includes no install step, consider installing edge-tts yourself (pipx) and confirming the binary path. If you need stricter guarantees, ask the author to add an explicit install spec, or inspect/replace the script to run a vetted TTS binary. Finally, ensure sensitive text is not sent to TTS if you do not want it shared with external services.

Like a lobster shell, security has layers — review code before you run it.

audiovk978hm7s73m48vzpmc0tfzxjv1826j87edge-ttsvk978hm7s73m48vzpmc0tfzxjv1826j87englishvk978hm7s73m48vzpmc0tfzxjv1826j87language-learningvk978hm7s73m48vzpmc0tfzxjv1826j87latestvk978hm7s73m48vzpmc0tfzxjv1826j87pronunciationvk978hm7s73m48vzpmc0tfzxjv1826j87speechvk978hm7s73m48vzpmc0tfzxjv1826j87ttsvk978hm7s73m48vzpmc0tfzxjv1826j87

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments