Skill v1.0.0

VirusTotal security

qui-edge-tts · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 24, 2026, 3:41 AM
Hash: b06549786c0ce100d50c5a7205835d95764f694451eff39bb0a2168ff045e04d
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: qui-edge-tts
Version: 1.0.0

The skill exhibits significant discrepancies between its metadata and actual implementation. While 'skill-info.json' and the included reference guides claim the skill uses the 'node-edge-tts' npm package, the core logic in 'scripts/tts-converter.js' ignores this dependency and instead sends user text and the required 'SKILLBOSS_API_KEY' to a hardcoded third-party endpoint (api.heybossai.com). Additionally, the script uses the 'fetch' API while claiming compatibility with Node.js v14 (which lacks native fetch support), and 'scripts/config-manager.js' persists configuration data in the user's home directory ('~/.tts-config.json'), which is an invasive practice for a portable skill bundle.