ClawHub
Back to skill
v1.0.2

Edge TTS English

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

This is a straightforward text-to-speech skill, but it relies on a separately installed Edge TTS command and processes the text you provide through that TTS tool.

GuidanceThis skill appears coherent and purpose-aligned for generating spoken audio. Before installing, make sure the `edge-tts` binary at `/root/.local/bin/edge-tts` comes from a trusted source, use safe output paths such as `/tmp`, and avoid sending highly sensitive text for speech generation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
scripts/speak.sh
/root/.local/bin/edge-tts \
  --voice "$VOICE" \
  --text "$TEXT" \
  --write-media "$OUTPUT"

The skill runs a local CLI with user-provided text, voice, and output path. This is expected for text-to-speech generation, but it is still command execution and file-writing behavior users should recognize.

User impactThe agent can generate an audio file from supplied text and write it to the chosen output path.
RecommendationUse the default temporary output path or another safe location, and do not ask the skill to read text you would not want processed by the TTS tool.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Requires edge-tts installed via pipx. ... `/root/.local/bin/edge-tts`

The implementation relies on an external binary that is not included by the skill. This is purpose-aligned, but the installed package's provenance matters.

User impactThe behavior depends on whatever `edge-tts` binary is installed at that path.
RecommendationInstall `edge-tts` from a trusted package source and keep it updated; verify the path before using the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceMediumStatusNote
SKILL.md
Generate native-quality English audio using Microsoft Edge TTS (`/root/.local/bin/edge-tts`).

The user-provided text is processed through Microsoft Edge TTS for speech synthesis. This is the skill's stated purpose, but it matters for privacy-sensitive text.

User impactText submitted for speech generation may be handled by the TTS provider/tool rather than staying only in the chat.
RecommendationAvoid submitting secrets, private records, or confidential text unless you are comfortable with how the TTS provider processes it.