Coze Tts
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward Coze text-to-speech wrapper, but it sends your supplied text to Coze using your API key and writes an audio file locally.
Before installing, confirm you are comfortable sending the text you convert to Coze, use a limited-purpose COZE_API_KEY, and save audio to a new non-important output path.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may consume your Coze quota and are made under the permissions of the API key you provide.
The script uses the user's Coze API key as a bearer token to call the Coze TTS service. This is expected for the skill's purpose, but it is still account-level credential use.
-H "Authorization: Bearer $COZE_API_KEY"
Use a dedicated Coze API key with only the permissions needed for TTS, and rotate it if you no longer trust the environment where it was set.
If an existing path is chosen as the output file, it could be overwritten or deleted during a failed request.
The user-selected output path is passed to curl for writing, and the script removes that path if the API returns an error. File output is central to a TTS skill, but users should avoid pointing it at existing or important files.
OUTPUT_FILE="$2" ... -o "$OUTPUT_FILE" ... rm -f "$OUTPUT_FILE"
Save to a new, dedicated audio filename or directory, and avoid using paths that already contain important files.
You have less information to independently verify who maintains this skill or where updates come from.
The package provenance is limited. This does not contradict the included source, but it gives users less external context for verifying the publisher or project origin.
Source: unknown; Homepage: none
Review the included script before installing and prefer a trusted publisher or repository when available.