Text To Speech
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherently focused on text-to-speech through an external CLI, but users should review the remote installer, login requirement, and external data sharing before use.
Install only if you trust inference.sh, consider manually verifying the CLI installer, use an account with appropriate limits, and avoid submitting sensitive text, private scripts, or cloned voices without consent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI runs code downloaded from inference.sh, so the user must trust that installer source.
The skill documents installation by piping a remote script to a shell. This is a common CLI setup pattern and is disclosed, but users are relying on remote installer provenance outside the supplied artifacts.
curl -fsSL https://cli.inference.sh | sh && infsh login
Prefer the documented manual install and checksum verification path if available, and install only if you trust inference.sh.
If the skill is invoked, the agent can use the inference.sh CLI within the logged-in account context, including commands beyond the listed TTS examples.
The allowed tool scope permits any `infsh` CLI command rather than only the specific TTS app runs shown in the examples. This is purpose-aligned for a CLI-based integration, but broader than a single-model wrapper.
allowed-tools: Bash(infsh *)
Review generated commands before running them when possible, and keep CLI account permissions or billing limits appropriate for the intended use.
Commands may run under the user's inference.sh account and may consume account resources or access account-scoped app capabilities.
The skill requires logging into the external inference.sh CLI service, although the registry metadata declares no primary credential or required environment variables. This appears expected for the service integration.
infsh login
Use an account with appropriate limits and avoid sharing credentials or session files outside normal CLI login flows.
Text, scripts, and media URLs provided to the CLI may be processed by an external service.
The skill's core workflow sends user-provided text inputs to inference.sh-hosted model apps. This is disclosed and necessary for cloud TTS, but it is still an external data flow.
infsh app run infsh/kokoro-tts --input '{"text": "Hello, welcome to our product demo."}'Do not submit confidential, regulated, or third-party voice material unless the provider's privacy and retention terms are acceptable.
Generated audio could be mistaken for a real person's speech if voice cloning is used irresponsibly.
Voice cloning and expressive speech are disclosed capabilities that can be legitimate, but they can also be misused to create misleading or impersonating audio if used without consent.
Capabilities: text-to-speech, voice cloning, multi-speaker dialogue, podcast generation, expressive speech
Use voice cloning only with permission and disclose synthetic audio where appropriate.