feishu-minimax-t2a-voice

This skill appears to do what it claims (generate Feishu voice replies via MiniMax with Edge TTS fallback), but there are practical and transparency problems you should address before installing or enabling it: - Missing dependency/install info: The code requires Python packages (requests, edge_tts) and optionally ffmpeg, but no install spec (pip requirements or instructions) is provided. Ensure you install these dependencies in a controlled environment or ask the author for a requirements.txt or installation instructions. - Optional API key: MINIMAX_API_KEY is optional and used to call https://api.minimaxi.com/v1/t2a_v2. Only set this if you trust that service and the skill origin, and avoid reusing sensitive credentials. - Hard-coded filesystem path: reply.py copies outputs to e:\Profile\Mac\.openclaw\media\out (Windows-style). This is odd and may create files in unexpected places or fail on non-Windows systems. Consider changing the scripts to use a configurable path or a platform-agnostic location (e.g., a tempdir or the agent's media directory). - Network behavior: The skill makes outbound HTTP requests to the MiniMax API and uses edge_tts (which opens network connections). If you need strict outbound controls, run it in a sandboxed environment or inspect traffic. - Audit or sandbox before use: If you do not fully trust the source, run the scripts in an isolated/container environment, review or rewrite the filesystem paths, and validate the external endpoints and payloads. Ask the publisher for a clear requirements/install section (pip packages, ffmpeg requirement) and for clarification on the hard-coded path; resolving these would move this assessment toward 'benign'.