Talking Circle

This skill appears to implement what it claims, but review these points before installing or giving API keys: - TLS verification disabled: the SaluteSpeech script calls Sber endpoints with requests(..., verify=False) and suppresses warnings. That weakens transport security and could allow man‑in‑the‑middle interception of your SALUTE_SPEECH_AUTH. Consider removing verify=False or only using trusted networks, or avoid using the Salute option if you must not risk exposing credentials. - API keys and privacy: ElevenLabs and SaluteSpeech keys (and any image/TTS service you use) are sent to third‑party services. Do not supply keys you cannot revoke; avoid uploading private avatar images to external image APIs if you need privacy. - Local installs: the skill will create a virtualenv under /tmp and pip-install numpy/pillow/requests from the included requirements.txt. Inspect requirements.txt and the repository before running if you are cautious. - Logs and artifacts: the scripts write build logs (out.build.log) and temporary files. Inspect logs if builds fail because they may include error messages from remote services. - If you are concerned about privacy or supply of secrets, run the scripts locally in an isolated environment (VM or container), or use Mode 1 (audio-to-video) with locally generated audio so you do not need to provide remote TTS credentials. If you want, I can point out the exact lines where verify=False is used and suggest a minimal patch to enable certificate verification.