qwenspeak

Verdict: Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The TTS workflow is coherent, but the setup asks users to run an unpinned remote GitHub installer with sudo, so installation needs careful review.

Review the remote installer before running it with sudo; preferably pin it to a known commit or run it in an isolated environment. Only connect the skill to a trusted qwenspeak host, verify the SSH host key, and be careful when uploading voice reference audio or private text for speech generation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A compromised or changed installer could modify the local system with root privileges, including Docker/service setup and files under `/usr/local/bin`.

Why it was flagged

The documented quick install pipes a remote script from the moving `main` branch directly into `sudo bash`; that installer is not included in the reviewed artifacts and is not pinned by checksum or commit.

Skill content

```shell
curl -fsSL https://raw.githubusercontent.com/psyb0t/docker-qwenspeak/main/install.sh | sudo bash
```

Recommendation

Do not pipe the installer directly to sudo. Download and inspect it first, pin to a trusted commit or checksum, and preferably install in a container or isolated machine.

What this means

If the host variables point to the wrong server, or if untrusted text is used to build commands, content or commands could be sent to an unintended SSH target.

Why it was flagged

The skill’s wrapper forwards the supplied command string to an SSH host and auto-accepts a new host key on first connection. This is central to the SSH TTS design but makes correct host configuration and command scoping important.

Skill content

```shell
exec ssh -p "$QWENSPEAK_PORT" -o StrictHostKeyChecking=accept-new ... "tts@$QWENSPEAK_HOST" "$*"
```

Recommendation

Set `QWENSPEAK_HOST` and `QWENSPEAK_PORT` only for a trusted server, verify the SSH host fingerprint, and limit use to the documented TTS and file commands.

What this means

Anyone with the corresponding private key and network access to the service could use the TTS/file interface exposed by the qwenspeak server.

Why it was flagged

Setup grants SSH-key access to the qwenspeak service. It uses the public key, not the private key, and is purpose-aligned, but it creates an access boundary users should manage carefully.

Skill content

```shell
cat ~/.ssh/id_rsa.pub >> ~/.qwenspeak/authorized_keys
```

Recommendation

Use a dedicated SSH key for this service, restrict network exposure, and remove keys from `authorized_keys` when they are no longer needed.