Voice Bridge Light
v1.0.1提供兼容OpenAI接口的轻量级本地STT(Whisper)和TTS(Edge TTS/Piper)语音桥接HTTP服务。
⭐ 0· 145·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, requirements.txt and api_server.py are coherent: the code implements Whisper-based STT and Edge/Piper TTS and the listed Python packages match those capabilities. There are no unrelated environment variables, binaries, or credentials requested that would be inconsistent with a local TTS/STT bridge.
Instruction Scope
Runtime instructions stay within the stated purpose (install Python deps, run the Flask server, call /audio/speech and /audio/transcriptions). Notable operational points the user should be aware of: the default host is 0.0.0.0 and port 18790 (exposes the HTTP API to the network unless firewall/binding changed), Edge TTS uses Microsoft online services (network access), and the systemd example runs as root in /root/.openclaw/... (poor practice but not hidden behavior). The code writes uploaded audio to a temporary file and deletes it after transcription (expected for STT).
Install Mechanism
There is no registry-level install script, but the bundle includes requirements.txt and skill.yaml with a pip install -r requirements.txt instruction. Dependencies are standard PyPI packages (no obscure download URLs or extracted archives). This is a normal, low-risk install mechanism for Python packages, though some packages will pull large model artifacts at runtime.
Credentials
No required secrets or credentials are declared. The environment variables documented (host, port, engine selection, model paths, voice selection, model size) are appropriate for configuring a local TTS/STT service. The skill does not request unrelated credentials or access to other services beyond optional Edge TTS network use.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in its manifest. The SKILL.md includes an optional systemd service example that runs the server as root and in /root/.openclaw/workspace — running as root is unnecessary and increases risk; this is an operational recommendation in the docs rather than hidden behavior in the code.
Assessment
This skill appears to do what it claims, but consider these precautions before installing:
- Network exposure: by default the server listens on 0.0.0.0:18790. If you don't want the service reachable from other hosts, bind to localhost or restrict access with a firewall.
- Edge TTS uses Microsoft online services (requires outbound network). If you need fully offline TTS, configure TTS_ENGINE=piper and provide local Piper models.
- Model downloads and memory usage: faster-whisper and Piper may download large model files and use hundreds of MB of RAM. Ensure you have disk and RAM headroom.
- Avoid running the service as root. If you use the provided systemd unit, change User to a non-privileged account and set WorkingDirectory appropriately.
- Verify Python package sources (PyPI) and review package reputations if you require higher assurance.
- If you need strong confidentiality, review access controls for the HTTP endpoint and consider adding authentication or only binding to localhost.Like a lobster shell, security has layers — review code before you run it.
latestvk97d9gw5pn8y9scaw1z6tft6th8340sbopenai-compatiblevk978cnt9g5ftggnb89pexm39bd834dbrsttvk978cnt9g5ftggnb89pexm39bd834dbrttsvk978cnt9g5ftggnb89pexm39bd834dbrvoicevk978cnt9g5ftggnb89pexm39bd834dbr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.