Sherpa Onnx Tts Local
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require trusting downloaded native binaries from GitHub before using the local TTS workflow.
Setup obtains and extracts a native sherpa-onnx runtime archive from GitHub. This is purpose-aligned for local TTS, but the artifacts do not show checksum or signature verification.
"kind": "download", "url": "https://github.com/k2-fsa/sherpa-onnx/releases/download/v1.12.23/sherpa-onnx-v1.12.23-linux-x64-shared.tar.bz2", "extract": true, "targetDir": "runtime"
Install only if you trust the k2-fsa sherpa-onnx release source, and prefer verifying checksums or release signatures where available.
The documented command may fail or may rely on a wrapper not included in the scanned artifact set.
The provided manifest lists only SKILL.md and _meta.json, so the referenced bin wrapper was not available for review. This looks like incomplete packaging rather than hidden behavior, but it is a provenance gap.
The wrapper lives in this skill folder. Run it directly, or add the wrapper to PATH:
Before running commands from this skill, confirm that the expected bin/sherpa-onnx-tts wrapper exists and comes from a trusted package.
Using the skill involves running local executable code to generate audio files.
The normal workflow executes a local CLI/wrapper and writes an output WAV file. This is expected for a local TTS skill and is user-directed.
{baseDir}/bin/sherpa-onnx-tts -o ./tts.wav "Hello from local TTS."Run it only from the expected skill directory, choose output paths intentionally, and avoid adding unverified directories to PATH.