Jarvis Tts
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything the assistant speaks through this skill may be transmitted to Microsoft edge-tts for audio generation.
The documentation discloses that text is sent to Microsoft’s TTS API to generate audio. This is purpose-aligned, but it means sensitive text could be shared with an external provider.
edge-tts calls the Microsoft TTS API to generate an MP3
Avoid using it for secrets, private messages, or sensitive business/personal data unless you are comfortable with that provider handling the text.
The skill will only work if the edge-tts package is installed, and the installed package version comes from the user’s Python package environment.
The skill depends on an external Python package installed separately, with no pinned version or lockfile shown. This is expected for the TTS purpose but is still a supply-chain point users should notice.
edge-tts (`pip3 install edge-tts`)
Install dependencies from trusted sources and consider pinning a known-good edge-tts version in managed environments.
Using the skill runs local Python/edge-tts and afplay processes to create and play audio.
The script invokes local commands to generate and play audio. This is central to the advertised function and uses argument arrays rather than shell interpolation.
subprocess.run([sys.executable, "-m", "edge_tts", ...]); subprocess.run(["afplay", tmpfile.name], timeout=120)
Install only if you are comfortable with local command execution for audio generation and playback.
