Qwen3-tts
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: qwen-tts Version: 1.0.0 The skill provides text-to-speech functionality, supporting both local execution and a remote server option. The `scripts/setup.sh` script creates a Python virtual environment and installs legitimate Python packages (`qwen-tts`, `soundfile`). The `scripts/tts.py` and `scripts/tts-voicedesign.py` scripts either perform local TTS or connect to a user-configured remote server. The `MAC_SERVER.md` document describes how to set up a server on a separate machine (Mac), including using `launchd` for persistence, which is a standard practice for user-deployed services and not a malicious persistence mechanism on the agent's host. All observed behaviors, including network access for remote TTS and model downloads from Hugging Face, are clearly aligned with the stated purpose and lack any indicators of intentional harmful behavior or prompt injection against the OpenClaw agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the server is reachable on a network, other devices may submit text for synthesis, consume local compute, and potentially expose private text sent for TTS.
The server exposes a /tts endpoint and defaults to listening on all interfaces; the provided server code shows no authentication or authorization check around requests.
@app.post("/tts")
def synthesize(request: TTSRequest):
...
parser.add_argument("--host", default="0.0.0.0", help="Host to bind")Run the server only on localhost or a trusted private network, add authentication or firewall rules, and avoid sending sensitive text to a remote server unless you control and secure it.
A reachable caller could trigger unexpected model downloads or large resource use on the server machine.
The remote request can choose the model name, which is passed directly into model loading without an allowlist or size/source restriction.
model: str = "Qwen/Qwen3-TTS-12Hz-0.6B-CustomVoice" ... model = load_model(request.model) ... tts_model = Qwen3TTSModel.from_pretrained(model_name,
Hard-code or allowlist approved model IDs on the server, ignore client-supplied model names by default, and add request limits.
The installed code and dependencies may change over time if package versions are not pinned.
The setup script installs unpinned packages from package repositories; this is purpose-aligned for a local TTS model but depends on external package provenance.
pip install --upgrade pip setuptools wheel ... pip install qwen-tts soundfile
Review the packages before installing, prefer pinned versions or hashes, and install in the provided virtual environment only.
If enabled, the service can continue running after the original task, extending any network exposure until it is stopped.
The documentation includes an optional launchd configuration that keeps the TTS server running persistently.
<key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/>
Use autostart only if needed, document it clearly, and unload the launch agent when remote TTS is no longer required.