ClawHub

Coze Tts

v1.0.3

Text-to-Speech (TTS) using Coze API. Convert text to natural-sounding speech audio files. Supports multiple voices and output formats (mp3, ogg_opus, wav, pcm).

0· 166·0 current·0 all-time
byxiaofei@franklu0819-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the files and behavior: the script posts text to https://api.coze.cn/v1/audio/speech and saves audio. However there are minor inconsistencies: SKILL.md and references state default voice_id is 1, while the script sets VOICE_ID=6 and help text claims default 1. _meta.json version (1.0.2) differs from registry metadata (1.0.3). These look like packaging/documentation drift, not maliciousness.
Instruction Scope
SKILL.md instructs running the included shell script and only documents use of COZE_API_KEY and jq; the script's runtime actions are confined to building JSON, calling the documented Coze API endpoint, writing an audio file locally, and optionally using ffprobe. It does not attempt to read unrelated system files or other env vars.
Install Mechanism
This is an instruction-only skill with a shipped shell script and no install spec or remote downloads. Nothing is pulled from arbitrary URLs or executed during install.
Credentials
The only required env var is COZE_API_KEY which is appropriate for calling the Coze service. One minor proportionality issue: required binaries lists only jq, but the script also uses common utilities (curl, md5sum, stat, bc, date, ffprobe optional). These are typical but should be documented explicitly.
Persistence & Privilege
The skill does not request elevated or persistent platform privileges (always:false). It does not modify other skills or system-wide settings.
Assessment
This skill is coherent with its TTS purpose, but review before installing: (1) Confirm the API endpoint (https://api.coze.cn) and that you trust Coze and your API key—the script will send the text you provide to that external service. (2) Note the mismatch between documented default voice (1) and the script's VOICE_ID=6—test and adjust the default if needed. (3) The metadata/version in _meta.json differs from registry metadata; this is likely packaging drift but worth noting. (4) The skill declares jq as required but the script also expects curl, md5sum, stat, bc (and optionally ffprobe); ensure those tools exist on your system. (5) Limit the scope of the COZE_API_KEY (use least privilege / appropriate plan) and do not expose it publicly. If any of these points worry you or you need the script to behave differently, inspect or modify the script locally before use.

Like a lobster shell, security has layers — review code before you run it.

audiovk97cxjbejrt9qe34mc35g6kzqs83jkzvcozevk97cxjbejrt9qe34mc35g6kzqs83jkzvlatestvk97djshqx6a441tvnxhb8vaze983j2ycspeechvk97cxjbejrt9qe34mc35g6kzqs83jkzvttsvk97cxjbejrt9qe34mc35g6kzqs83jkzvvoicevk97cxjbejrt9qe34mc35g6kzqs83jkzv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsjq
EnvCOZE_API_KEY

Comments