Skill v1.0.1

ClawScan security

fishaudio-tts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 10:04 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly does what it claims (calls FishAudio to produce MP3s), but its metadata and instructions fail to declare that it reads a workspace TOOLS.md and requires an API key. That inconsistency between declared and actual behavior warrants caution.
Guidance
This skill appears to be a straightforward FishAudio TTS client, but be aware of two issues before using it: (1) The registry metadata does NOT declare that the script needs an API key, yet the code requires FISH_AUDIO_API_KEY (or will try to extract one from ~/.openclaw/workspace/TOOLS.md). (2) The script reads that specific TOOLS.md file (and checks it for a proxy string), which could contain other secrets you did not intend to expose. Recommendations: inspect the fish_tts.py source yourself (it is included) and only run it if you trust it; prefer setting the API key via an environment variable rather than storing it in TOOLS.md; verify that ~/.openclaw/workspace/TOOLS.md does not contain any other sensitive tokens before allowing the skill to read it; run the script in an isolated environment or sandbox and monitor its network requests to confirm it only calls the expected https://api.fish.audio endpoint. If you are uncomfortable with undeclared file access, ask the publisher to update the metadata to declare the required env var and config path (or remove the implicit TOOLS.md parsing).

Review Dimensions

Purpose & Capability
Concern: The description is of a FishAudio TTS client, which is coherent with the included Python script. However, the registry metadata declares no required environment variables or config paths, while the code clearly needs a FishAudio API key (FISH_AUDIO_API_KEY) and also attempts to read ~/.openclaw/workspace/TOOLS.md for an API key. That mismatch (an undisclosed credential requirement and file access) is disproportionate to what the metadata claims.
Instruction Scope
Concern: SKILL.md tells users to put their API key in an env var or TOOLS.md, but the included script explicitly reads ~/.openclaw/workspace/TOOLS.md (searching for 'fish'/'api'/'key') and also looks for a specific local proxy string (127.0.0.1:7890). Reading a user workspace file was not declared in the metadata and expands the scope of data the skill touches; while the code only parses for a key/proxy, it still reads an undeclared local file.
Install Mechanism
OK: No install spec; this is an instruction-only skill with a single Python script that uses the widely used requests library. There are no remote downloads or archives, and the SKILL.md suggests 'pip install requests' only. Install risk is low.
Credentials
Concern: The skill actually requires an API key (FISH_AUDIO_API_KEY) even though the registry lists none. It also reads a local TOOLS.md for the key and proxy configuration. Requiring access to an undeclared user file and a secret is disproportionate to what the metadata claims and should be explicitly declared. The script does not request unrelated cloud credentials, but the missing declaration and the file read are notable.
Persistence & Privilege
OK: The skill does not request 'always' presence and does not modify other skills or system-wide settings. It writes generated audio files to user-specified paths (expected behavior) and has no special persistence or elevated privileges.