Chanjing Tts
v1.0.2
Use Chanjing TTS API to convert text to speech. Primary credential: credentials.json (app_id/secret_key; access_token persisted). Not OpenClaw primaryEnv. CH...
by IAMZn @iamzn1018
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and included Python scripts consistently implement a Chanjing TTS client: obtain access_token from app_id/secret_key in ~/.chanjing/credentials.json, list voices, create tasks, poll task status, and output audio URLs. No unrelated services, binaries, or env secrets are requested.
Instruction Scope
Instructions and code read/write the credentials file, call Chanjing Open API endpoints under https://open-api.chanjing.cc, and may open a browser login page when credentials are missing. The scripts print audio download URLs (they do not auto-execute arbitrary downloads). SKILL.md correctly warns that you must trust the API host and returned URLs.
Install Mechanism
No install spec; this is an instruction+script package using plain Python stdlib (urllib, json). Nothing is downloaded or written by an installer step beyond the scripts themselves.
Credentials
No unexpected env vars; optional CHANJING_CONFIG_DIR and CHANJING_API_BASE are appropriate. The skill persists sensitive data (access_token, expire_in, app_id/secret_key) to a local credentials.json — this is expected for file-based AK/SK flows but is sensitive and should not be committed to source control.
Persistence & Privilege
always:false and user-invocable default — the skill does not request permanent platform-wide presence or modify other skills. It will write/read its own config file (~/.chanjing/credentials.json). Note: when missing credentials the code may invoke a local 'open_login_page.py' script (if present) via subprocess.run, otherwise it opens the provider login page in the browser.
Assessment
This skill appears coherent for its stated TTS purpose, but review these practical safety points before installing:
1) Credentials are file-based: app_id/secret_key and refreshed access_token are stored under ~/.chanjing/credentials.json (or CHANJING_CONFIG_DIR). Do not commit that file to source control.
2) The scripts may open your browser for login; if a local chanjing-credentials-guard script exists the skill will try to run it — inspect that script before allowing it to execute.
3) After polling the API the skill prints a URL returned by the service for audio download — it does not validate or sanitize remote content, so only use with a trusted API host.
4) If you have concerns, run these scripts in an isolated environment and inspect/rotate keys after first use.
Overall: functionality and requested access are proportionate, but treat the credentials file and returned URLs as sensitive.
Like a lobster shell, security has layers — review code before you run it.
