Xiaomi TTS
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real Xiaomi text-to-speech plugin, but it may expose spoken text through logs and an optional extra AI-model audio-tagging step.
Review before installing if your agent may speak sensitive messages. Use a dedicated Xiaomi API key, verify the baseUrl, consider leaving audioTags disabled unless you accept the extra model call, and check whether OpenClaw logs will retain full spoken text.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private text that the agent turns into speech could appear in OpenClaw logs and be retained or later exposed through log collection, backups, or support bundles.
The test exercises synthesize() and asserts that an info log contains the actual styled text being synthesized, indicating user message content may be emitted to logs.
test("synthesize prefixes style into assistant text and logs request", ... assert.match(logs[1] ?? "", /"text":"<style>播报风<\/style>hi"/);
Redact the text from normal logs; log only length, format, voice, and non-sensitive metadata unless a user explicitly enables debug logging.
Text intended for Xiaomi TTS may also be processed by the configured/default agent model provider.
When audioTags is enabled, the plugin sends the TTS text to an embedded agent/model to add performance tags. This is disclosed and tool use is disabled, but it is still an extra model/provider data flow.
const runner = options.runtime?.agent?.runEmbeddedPiAgent; ... prompt: buildAudioTaggingPrompt(text), ... provider, model, disableTools: true
Enable audioTags only for text you are comfortable sending to the selected agent provider, explicitly configure the provider/model if needed, and keep the rewrite safety check enabled.
A Xiaomi API key is required for real synthesis and will be used for outbound TTS requests.
The plugin sends a Xiaomi API key as a Bearer token to the configured TTS endpoint, which is expected for this provider integration.
const url = `${config.baseUrl.replace(/\/$/, "")}/chat/completions`; ... Authorization: `Bearer ${config.apiKey ?? ""}`
Use a dedicated Xiaomi API key with minimal necessary scope, verify the configured baseUrl, and rotate the key if logs or configuration files are shared.
Development logs can expose local paths or prompts and can trigger prompt-injection/provenance warnings during review.
The repository manifest includes a large development/terminal log with control-character artifacts. It is not referenced by the runtime entrypoint, but it is unexpected in a distributable plugin artifact.
codex exec --full-auto ...; hiddenCommentBlocksRemoved: 1; controlCharactersRemoved: 8
Remove logs/codex.log and other development logs from published artifacts, and keep package contents limited to runtime code and documentation.
