chinese-voice-skill
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user follows this setup step, a package from an external mirror is installed into the user Python environment.
The skill documents installing an unpinned Python package from a third-party PyPI mirror. This is user-directed and aligned with the TTS purpose, but users should trust the package source before running it.
pip install --user edge-tts -i https://mirrors.aliyun.com/pypi/simple/
Install edge-tts from a trusted package index, consider pinning a known-good version, and avoid running the install command unless you trust the source.
A user may want to confirm they are reviewing and installing the exact skill version they expect.
The review metadata lists the registry version as 1.0.4, while the included _meta.json and origin data indicate 1.0.2. This is a provenance/version consistency issue to verify, not evidence of malicious behavior.
"version": "1.0.2"
Check the registry package version and included metadata before installing or updating.
Text converted to speech may leave the local environment and be handled by Microsoft Edge TTS infrastructure.
The skill discloses that Edge TTS needs access to Microsoft servers, meaning text submitted for speech synthesis may be processed by an external provider.
edge-tts 需要访问微软服务器
Do not synthesize confidential or sensitive text unless that external processing is acceptable for your use case.