v1.0.7

volcengine-tts-feishu

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:29 AM.

Analysis

The skill mostly matches its TTS-and-Feishu purpose, but it should be reviewed because the Feishu send path uses local app credentials to post messages and has unsafe credential/temp-file handling details.

Guidance

Before installing, confirm you trust the publisher and are comfortable with this skill using your local Volcengine and Feishu configuration. If you use --send-to, restrict the Feishu app’s permissions where possible, verify the recipient open_id, and consider fixing the script to avoid command-line tokens and predictable temporary files. Also review requirements.txt before running pip install.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Concern
scripts/http_tts.py
output_path = os.path.join(tempfile.gettempdir(), f"volcengine_tts_{os.getpid()}.mp3") ... with open(output_path, 'wb') as f

For Feishu sending, the script writes audio to a predictable filename in the system temp directory instead of using a securely created temporary file.

User impact: A predictable temp path can overwrite or interact with an unexpected existing file on shared systems.
Recommendation: Use tempfile.NamedTemporaryFile or mkstemp with exclusive creation, and clean up through the secure temp-file handle.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
websockets>=12.0

The documentation says the dependency is requests and the script imports requests, but requirements.txt installs an unpinned, apparently unused websockets package and omits requests.

User impact: Setup may fail or install an unnecessary external package.
Recommendation: Correct and pin requirements.txt, for example by listing the needed requests version and removing unused dependencies.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/http_tts.py
with open(args.openclaw_config) as f: cfg = json.load(f) ... feishu_app_secret = feishu["appSecret"] ... result = send_audio_message(token, args.send_to, file_key)

When --send-to is used, the script reads Feishu app credentials from the local OpenClaw config, obtains a tenant token, and sends an audio message. The registry metadata declares no primary credential or required config path, so this high-impact delegated authority is under-declared.

User impact: Using the send option lets the skill act through the configured Feishu app to upload audio and send messages to the supplied open_id.
Recommendation: Declare the Feishu config path and credential requirement, require clear user confirmation before sending, and restrict the Feishu app permissions or allowed recipients where possible.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/http_tts.py
"curl", "-s", "-X", "POST", f"{FEISHU_API}/im/v1/files", "-H", f"Authorization: Bearer {token}"

The Feishu tenant bearer token is passed to an external curl process as a command-line argument, which is a weaker handling pattern than keeping the token inside the Python HTTP client.

User impact: On systems where process command lines can be inspected or logged, the Feishu token may be exposed during upload.
Recommendation: Upload using an in-process HTTP library such as requests and avoid placing bearer tokens in command-line arguments.