ClawHub

OpenAI TTS

v1.0.0

Text-to-speech via OpenAI Audio Speech API.

6· 5.8k·53 current·53 all-time
byMark Pors 🦖@pors
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The stated purpose (Text-to-speech via OpenAI Audio Speech API) matches the script and SKILL.md: the included speak.sh calls https://api.openai.com/v1/audio/speech. However the registry metadata claims no required env vars or binaries, while the SKILL.md and script require OPENAI_API_KEY and curl (and the script actually uses jq). The mismatch between declared requirements and actual behavior is an incoherence.
Instruction Scope
Runtime instructions and the script are narrowly scoped: they build a JSON payload and POST it to api.openai.com, writing the returned audio to stdout or a file. The instructions do not ask the agent to read unrelated system files or send data to unexpected endpoints. The SKILL.md documents an optional config path (~/.clawdbot/clawdbot.json) for storing an API key; the script itself does not read that file (it expects OPENAI_API_KEY in env).
Install Mechanism
There is no install spec (instruction-only plus an included script). No external downloads or archive extraction are performed. Risk is low from installation perspective, but the script will be written to disk as part of the skill bundle and executed.
!
Credentials
The script requires an OpenAI API key (OPENAI_API_KEY) which is appropriate for contacting OpenAI. The concern is that the registry metadata incorrectly lists no required env vars while SKILL.md metadata and the script expect OPENAI_API_KEY. Additionally, SKILL.md lists curl as required but the script uses jq to escape JSON without declaring jq as a required binary — missing/incorrect declarations reduce transparency and can cause unexpected runtime behavior or misconfiguration.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It runs only when invoked and requires no elevated privileges.
What to consider before installing
This skill implements OpenAI TTS and sends text to api.openai.com using your OPENAI_API_KEY — that is expected for TTS. Before installing: (1) verify the skill source (the registry 'source' is unknown); (2) ensure the author and package are trustworthy; (3) be aware you must provide an OPENAI_API_KEY (the registry metadata incorrectly omitted this); (4) ensure curl and jq are available (the script uses jq but doesn't declare it); (5) prefer using a limited-scope or replaceable API key (create and revoke it if needed); (6) run the script in a safe environment first to confirm behavior; and (7) if you need metadata consistency, ask the publisher to correct the declared required env vars and binaries.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bt4k8950tdzb2rf09e5s8gh7yqheh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔊 Clawdis
Binscurl
EnvOPENAI_API_KEY
Primary envOPENAI_API_KEY

Comments