Edge TTS

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims—text-to-speech conversion—but users should notice the npm install step, online TTS service use, and persistent local preferences before using sensitive text.

This skill is reasonable to install if you want text-to-speech output. Before using it, remember that the optional script setup installs npm dependencies, the text you convert to speech is sent to an online TTS service, and local TTS preferences may be saved in ~/.tts-config.json.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the optional scripts will fetch and run npm package installation logic on the local machine.

Why it was flagged

The skill installs third-party npm dependencies to run its bundled TTS scripts. This is purpose-aligned and the package-lock includes integrity data, but npm installation remains a supply-chain surface users should notice.

Skill content
cd scripts
npm install --production
Recommendation

Review the included package.json/package-lock.json and install only from a trusted environment; avoid running the install with elevated privileges unless necessary.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Text submitted for speech generation may leave the local environment and be processed by the TTS provider.

Why it was flagged

The text being converted is sent to an online TTS provider. This is disclosed and central to the skill, but it creates an external data boundary.

Skill content
Generate high-quality text-to-speech audio using Microsoft Edge's neural TTS service via the node-edge-tts npm package.
Recommendation

Do not convert secrets, confidential documents, or sensitive personal data unless you are comfortable with the provider handling that text.

ASI06: Memory and Context Poisoning
Info
What this means

Voice, proxy, timeout, and other TTS preferences may remain after the current task and affect future conversions.

Why it was flagged

The skill can persist TTS preferences in a home-directory config file. This is disclosed and limited to settings, but persistent settings can influence later TTS behavior.

Skill content
const DEFAULT_CONFIG_PATH = path.join(require('os').homedir(), '.tts-config.json');
Recommendation

Use the provided get/reset commands to review or clear saved preferences if output behavior seems unexpected.