Clonev
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could generate speech that appears to come from a real person who did not consent.
The primary description frames cloning other people's or celebrity voices as an intended use, which can create audio that listeners may trust as authentic.
Clone their voice or someone else's voice... Works with: Any voice! Yours, a celebrity, a character, etc.
Use only with explicit consent, add clear labeling/watermarking guidance, and require the agent to verify consent before cloning a third party's voice.
Cloned voice audio could be sent externally before the user reviews the exact file, recipient, or impersonation risk.
The quick-reference workflow makes sending the generated cloned voice to Telegram part of the agent action sequence, without a separate confirmation or recipient-scoping step.
→ Run: VOICE=$(...clonev.sh "hello" "/path/to/sample.wav" en) → Send: message action=send channel=telegram asVoice=true filePath="$VOICE"
Default to saving the generated audio locally and require explicit user approval, destination, and context before sending it through any messaging channel.
Sensitive voice samples may remain on disk and could be reused in later runs or confused with another person's sample by filename collision.
The script copies the user-provided voice sample into a persistent hard-coded directory and does not delete it; if a filename already exists, it reuses the old copy instead of the current file.
if [ ! -f "${COQUI_DIR}/voice-samples/${SAMPLE_BASENAME}" ]; then
cp "$VOICE_SAMPLE" "${COQUI_DIR}/voice-samples/"
fiUse per-run temporary sample paths, clean up voice samples by default, avoid basename reuse, and clearly disclose any retention option to the user.
Future runs may execute different container code than the code reviewed here.
The skill runs an external Docker image tagged latest, so the executed runtime can change over time; this is purpose-aligned for XTTS but should be pinned and disclosed.
docker run --rm --entrypoint "" ... ghcr.io/coqui-ai/tts:latest ...
Pin the container image by version or digest and declare Docker, ffmpeg, model download size, and trusted image provenance in the install requirements.