chinese-voice-skill
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: chinese-voice-skill Version: 1.0.4 The skill is designed to provide Chinese text-to-speech functionality using the legitimate 'edge-tts' Python library. The instructions in SKILL.md guide the agent to install the necessary dependency via pip and execute standard commands to generate audio files. No indicators of data exfiltration, malicious persistence, or harmful prompt injection were found; the requested permissions and network access are consistent with the stated purpose of interacting with Microsoft's TTS services.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user follows this setup step, a package from an external mirror is installed into the user Python environment.
The skill documents installing an unpinned Python package from a third-party PyPI mirror. This is user-directed and aligned with the TTS purpose, but users should trust the package source before running it.
pip install --user edge-tts -i https://mirrors.aliyun.com/pypi/simple/
Install edge-tts from a trusted package index, consider pinning a known-good version, and avoid running the install command unless you trust the source.
A user may want to confirm they are reviewing and installing the exact skill version they expect.
The review metadata lists the registry version as 1.0.4, while the included _meta.json and origin data indicate 1.0.2. This is a provenance/version consistency issue to verify, not evidence of malicious behavior.
"version": "1.0.2"
Check the registry package version and included metadata before installing or updating.
Text converted to speech may leave the local environment and be handled by Microsoft Edge TTS infrastructure.
The skill discloses that Edge TTS needs access to Microsoft servers, meaning text submitted for speech synthesis may be processed by an external provider.
edge-tts 需要访问微软服务器
Do not synthesize confidential or sensitive text unless that external processing is acceptable for your use case.