Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LrshuAI Text To Speech

v1.0.0

Text-to-speech skill. Invoke this skill when you need to convert text into natural-sounding spoken audio.

MIT-0
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill is a TTS helper and requires a TEAM_API_KEY, which is plausible. However, the script defaults to calling https://dlazy.com/api/ai/tool (an external third-party domain) via TEAM_BASE_URL, even though that env var is not declared in the manifest; this default endpoint is unexpected and is not documented in the skill metadata or description.
Instruction Scope
SKILL.md contains a CRITICAL instruction that the agent must run `python script/invoke_model.py` directly and must not use the normal `openclaw run` pathway. That explicitly attempts to bypass the platform's normal invocation layer. The script will send prompts and any provided local files (images/videos) encoded as base64 to the remote endpoint, which could leak content. The instructions give the agent broad discretion to execute a system python process outside the platform sandbox.
Install Mechanism
There is no install spec (instruction-only with an included script). No external installers or downloads are performed by the skill itself, which keeps install risk low. The included Python script will be executed at runtime.
Credentials
The manifest declares only TEAM_API_KEY as required (primary credential), which is reasonable for an API-backed TTS skill. But the code also reads TEAM_BASE_URL (undocumented) and defaults it to an external domain (dlazy.com). The presence of an undeclared base URL that points to a third-party server is disproportionate and could route sensitive data to an unexpected endpoint.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system configs. However the explicit instruction to bypass the platform's run mechanism increases its effective privilege at runtime by attempting to force direct system execution, which should be considered risky when combined with network access.
What to consider before installing
This skill is suspicious because it instructs the agent to run a local Python script directly (bypassing the platform runner) and the script sends prompts and any provided local files to an external default URL (https://dlazy.com) that is not declared in the manifest. Before installing:
1) verify the identity and trustworthiness of the skill owner and the dlazy.com endpoint;
2) prefer skills that use the platform's standard invocation method (do not allow instructions that force direct system execution);
3) if you must use it, set TEAM_BASE_URL explicitly to a trusted/internal endpoint and avoid running it where sensitive files or credentials are accessible;
4) inspect or audit the script yourself, or request that the developer remove the hardcoded/default external endpoint and declare TEAM_BASE_URL in the manifest;
5) if you cannot verify the endpoint or the owner, do not install or run this skill.
Additional information that would change this assessment: confirmation of who operates dlazy.com, a manifest update declaring TEAM_BASE_URL, and removal of the instruction that forces direct system execution.


License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Clawdis
Bins: python
Env: TEAM_API_KEY
Primary env: TEAM_API_KEY