ClawHub

Moark Tts

v1.0.0

Text-to-Speech (TTS) and voice-feature skill for Gitee AI that lets the user choose audiofly, chattts, cosyvoice2, cosyvoice3, cosyvoice-300m, fish-speech-1....

0· 77·1 current·2 all-time
by@fchange
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared dependency on python, and the single required env var GITEEAI_API_KEY are consistent with a Gitee AI TTS client that calls ai.gitee.com. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md directs the agent to run the bundled Python scripts to call Gitee AI TTS endpoints and to accept model-specific flags. The scripts fetch HTTP(S) audio URLs and POST data to the Gitee API, and they may save or print returned binary or JSON. This behavior is coherent for TTS/feature-extraction, but note that the scripts will download arbitrary HTTP(S) URLs you supply and will forward those bytes to the API (possible exposure of any data available at those URLs).
Install Mechanism
This is instruction-only (no install spec). The shipped Python scripts run without installing external packages or downloading third-party code during install, which is low-risk.
Credentials
Only GITEEAI_API_KEY is declared and used by the scripts (get_api_key uses the argument or GITEEAI_API_KEY). That single credential is appropriate for calling Gitee AI.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: run the included Python scripts to call Gitee AI TTS and a CosyVoice feature-extraction endpoint using your GITEEAI_API_KEY. Before installing or running: 1) Review and keep your API key private—the scripts send it to ai.gitee.com. 2) Only provide audio URLs you trust: the scripts will download whatever HTTP(S) URL you pass and then send it to the API (so do not point them at sensitive internal endpoints or private resources you don't want uploaded). 3) The scripts may write binary output to disk and print returned JSON—be mindful of where files are saved. 4) If you need stronger guarantees, inspect the scripts locally and run them in a restricted environment (network sandbox or VM) before giving them access to sensitive data or keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk978e7fqjvjx8dvgx6asqgwaws83gkdh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎤 Clawdis
Binspython
EnvGITEEAI_API_KEY
Primary envGITEEAI_API_KEY

Comments