ClawHub

TTS

v1.0.0

Use this skill whenever the user wants to convert text to speech, generate audio from text, create voiceovers, or produce spoken audio files. Triggers includ...

0· 85·0 current·0 all-time
byfengwm@fengwm64
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (text-to-speech) matches the instructions: the SKILL.md describes calling a hosted TTS HTTP API (generate speech, list voices/providers). Nothing requested is unnecessary for that purpose.
Instruction Scope
Instructions direct network calls to https://tts.102465.xyz and instruct saving output files to /mnt/user-data/outputs/. That is expected for a TTS skill, but the skill references a specific system path (not declared in requires.config) and recommends GET URLs (which will embed text in query strings). Both are functional but have privacy/operation implications (text sent to third party; GET leaks text in logs/refs).
Install Mechanism
There is no install spec and no code files — this is instruction-only, so nothing is written to disk by an installer. Lowest-risk install posture.
Credentials
The skill declares no environment variables or credentials and the instructions do not ask for secrets. That is proportionate for a public hosted-API usage model. (Note: absence of an API key implies the service may be public or unauthenticated.)
Persistence & Privilege
Skill is not always-enabled and does not request elevated/persistent privileges. It does suggest writing output files to a user-data directory, which is normal for producing artifacts.
Assessment
This skill appears to do what it says: call a third‑party TTS HTTP API and save MP3 output. Before installing, consider: (1) the API endpoint (tts.102465.xyz) is an unknown third party — any text you synthesize will be sent to that server, so avoid sending sensitive content; (2) GET URLs put text into query strings (may be logged or cached) — prefer POST for private or long text; (3) the instructions write files to /mnt/user-data/outputs/ — ensure you are comfortable with generated files being stored there; (4) no credentials are requested, so the service may be public/unrestricted — if you need audited/enterprise TTS, prefer an official provider or self-hosted alternative. Because this is instruction-only (no code to inspect), if you need higher assurance ask the publisher for an official domain, a privacy policy, or an auditable implementation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bwp0sr8esz7j7dh72046twd83b9mp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments