Feishu Voice (NoizAI)
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything the user asks the assistant to speak may be sent to NoizAI, so private or sensitive text could leave the local environment.
The skill discloses that the text being converted to speech is uploaded to NoizAI's cloud TTS endpoint.
文字内容会上传到 `https://noiz.ai/v1/` 进行语音合成
Avoid using the skill for confidential text unless you are comfortable sending that text to NoizAI.
The behavior of voice generation depends partly on another installed skill, so this review does not fully cover all code that will run.
The included script locates and runs a tts.py file from the separate noizai-tts skill, whose source is not included in these artifacts.
TTS_SCRIPT = SCRIPT_DIR.parent / "noizai-tts" / "scripts" / "tts.py"
Review or install only a trusted version of noizai-tts before using this skill.
Using the skill runs local Python code to generate audio, which is expected but still requires trusting the installed skill files and dependency.
The skill uses subprocess to run the NoizAI TTS Python script. The command is constructed as an argument list, not through a shell, and this execution is central to the stated purpose.
result = subprocess.run(
cmd,
capture_output=True,Use this only in an environment where running the local TTS helper script is acceptable.
Users may be confused about whether an API key is needed or exposed to the TTS dependency.
Registry metadata declares a primary credential, while the SKILL.md text says the guest mode is free and requires no API key. The included script does not directly read this credential.
Primary credential: NOIZ_API_KEY
If you do not intend to use authenticated NoizAI access, do not provide a NOIZ_API_KEY; if you do provide one, review the noizai-tts dependency's handling of it.