Fish Tts
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill fits a TTS/upload use case, but it embeds a real-looking NextCloud password and attempts WebDAV uploads to a fixed server by default.
Review carefully before installing. Do not use the embedded NextCloud password; rotate it if it is real, configure your own HTTPS endpoint and limited app password, and require an explicit upload confirmation before sending generated audio to cloud storage.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can view or run the skill can see or use the embedded NextCloud credential, and the agent may use it to write to that account.
The code embeds a real-looking default NextCloud username and password, even though the registry metadata declares no primary credential.
NEXTCLOUD_USER = os.environ.get('NEXTCLOUD_USER', 'openclaw')
NEXTCLOUD_PASS = os.environ.get('NEXTCLOUD_PASS', 'N95qg-...-RaEW5')
Remove hardcoded secrets, rotate the exposed credential, declare the required credential in metadata, and require users to provide a limited app-specific token.
A user asking only to generate speech may also trigger a write to the configured NextCloud location.
The generate command directly invokes the generate-and-upload workflow, so the WebDAV upload attempt is not gated behind a separate explicit upload request.
if args.command == 'generate':
    ...
    result = generate_and_upload(text, voice, f"fish_tts_{datetime.now().strftime('%Y%m%d_%H%M%S')}.mp3")
Separate generation from upload, honor an explicit output/upload option, and ask for confirmation before writing to a cloud account.
NextCloud credentials and generated audio could be exposed to devices or observers on the same network path.
The documented WebDAV upload sends credentials and audio over plain HTTP to a fixed private-network endpoint, without TLS protection.
curl -s -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" ... "http://192.168.68.68:8080/remote.php/webdav/Openclaw/fish_audio.mp3"
Use HTTPS for WebDAV, avoid Basic Auth over plain HTTP, and let users configure their own trusted endpoint.
Users have less information about where the skill came from, how dependencies should be installed, or who maintains it.
The skill has limited provenance and setup metadata; this is not malicious by itself, but it reduces reviewability.
Source: unknown
Homepage: none
Install specifications: No install spec
Publish a source repository/homepage and declare dependencies, required environment variables, and credential expectations.
