Inworld TTS
PassAudited by ClawScan on May 1, 2026.
Overview
The skill coherently implements Inworld text-to-speech, with expected API-key and third-party data use that users should handle carefully.
Install if you are comfortable sending the chosen text to Inworld.ai and providing an Inworld API key. Store the key securely, use the narrowest scope available, verify local dependencies are installed, and avoid optional global symlinks unless you need them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may need to manually verify the included script and setup requirements before relying on the skill.
The registry metadata has limited provenance and does not declare the credential/dependency setup that the included SKILL.md documents. This is a transparency note rather than hidden behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required env vars: none
Review the visible script before chmod or symlinking it, and prefer metadata that declares INWORLD_API_KEY plus curl, jq, and base64 requirements.
Anyone who can read or use that environment variable may be able to make Inworld API calls under the user's account or consume quota.
The skill requires an Inworld API credential and suggests optional persistent storage. This is expected for the stated TTS integration but is still credential-sensitive.
Generate key with "Voices: Read" permission ... export INWORLD_API_KEY="your-base64-key-here" ... For persistence, add to `~/.bashrc` or `~/.clawdbot/.env`.
Use the narrowest available key scope, store the key only where trusted local processes can access it, and rotate the key if it is exposed.
Text submitted for speech synthesis leaves the local environment and is shared with Inworld.ai.
The caller-provided text is placed in the request payload and sent to Inworld's API. This third-party provider flow is necessary for the skill's purpose and is disclosed.
"text": $(echo "$TEXT" | jq -Rs .) ... --url "https://api.inworld.ai/tts/v1/voice" ... --data "$PAYLOAD"
Avoid sending confidential text unless the user is comfortable with Inworld.ai processing it under their account and data policies.