Voice.ai Voices
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts show a coherent Voice.ai text-to-speech tool that uses your API key, sends requested text to Voice.ai, and saves audio locally, with no evidence of hidden or destructive behavior.
This looks reasonable to install if you want Voice.ai text-to-speech. Before use, set the API key only in your environment, understand that requested text is sent to Voice.ai and may use credits, and choose output paths carefully.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can consume Voice.ai account credits or expose account access if the API key is leaked or sent to an untrusted endpoint.
The SDK attaches the user's Voice.ai API key to API requests. This is expected for the service, but it is still account-level API authority and should be handled carefully.
this.baseUrl = options.baseUrl || BASE_URL; ... headers: { 'Authorization': `Bearer ${this.apiKey}`, 'User-Agent': 'VoiceAI-SDK/1.1.5' }Set VOICE_AI_API_KEY only as an environment variable, avoid sharing it in chat or logs, keep the default trusted endpoint unless intentionally using a trusted alternative, and rotate the key if exposed.
Text submitted for speech generation may be processed by Voice.ai, so confidential text should only be used if that fits the user's privacy expectations.
The skill discloses that TTS requests go to Voice.ai. That is purpose-aligned, but it means the text provided for synthesis leaves the local environment.
This skill: - Makes outbound HTTPS requests only to `https://dev.voice.ai` ... `/tts <text>` | Generate speech with default voice
Review Voice.ai's data handling terms before sending sensitive text, and avoid using secrets, private records, or regulated data as TTS input unless approved.
A poorly chosen output path could overwrite or place audio files somewhere unintended.
The CLI writes generated audio to a default or user-supplied output path. This is expected for TTS, but local file writes should be kept to intended locations.
const opts = { output: 'output.mp3', stream: false }; ... await client.generateSpeechToFile({ text: opts.text, voice_id: voiceId }, opts.output);Use an explicit, safe output filename in a project or downloads directory, and review any agent-chosen output path before running generation.