Volcengine TTS Audio Synthesis
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Volcengine text-to-speech helper; it uses a provider token and sends text to Volcengine as expected, with only setup and credential-handling notes to review.
This skill appears safe to install for Volcengine TTS use. Before using it, set the Volcengine credentials intentionally, keep .env and output files private, avoid sending sensitive text unless approved for Volcengine processing, and consider pinning the requests dependency if you need reproducible installs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can consume the user's Volcengine TTS quota or billing and depends on keeping the provider token private.
The skill requires a Volcengine application token to authenticate TTS requests; this is expected for the stated provider integration, but the token grants account-level service access.
- `VOLCENGINE_TTS_APP_ID` — 应用 ID - `VOLCENGINE_TTS_TOKEN` — 应用 Token
Use a dedicated Volcengine token where possible, keep it in environment variables or a private .env file, and avoid saving or sharing request payloads that include credentials.
Text submitted for speech generation is shared with Volcengine/ByteDance for processing.
The script sends synthesis requests to Volcengine's external API endpoint, which is consistent with the skill's purpose but means user-provided text leaves the local environment.
TTS_API_URL = "https://openspeech.bytedance.com/api/v1/tts"
Do not submit confidential or regulated text unless the provider's terms, privacy controls, and account configuration are acceptable for that data.
Installation will resolve the current requests package from the configured Python package index.
The setup instructions use an unpinned package install rather than a locked dependency specification; requests is a common, purpose-aligned dependency for the included HTTP client script.
- Install: `pip install requests`
Install from a trusted package index and consider pinning a known-good requests version in controlled environments.