Back to skill
Skillv1.0.0
ClawScan security
Text-to-Speech · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 7:16 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper for the SenseAudio TTS HTTP API; its declared requirements, runtime instructions, and scope align with that purpose.
- Guidance
- This skill appears to be a straightforward API wrapper for SenseAudio TTS. Before installing: (1) confirm you trust https://senseaudio.cn and want text sent to that external service; (2) treat SENSEAUDIO_API_KEY like a secret (rotate it if exposed); (3) avoid sending highly sensitive or private text to the TTS endpoint; (4) monitor usage/charges on that API key; and (5) if you require an auditable vendor, verify the homepage and ownership since the skill's source is listed as unknown.
Review Dimensions
- Purpose & Capability
- okName/description match the documented API usage in SKILL.md. The only required credential is SENSEAUDIO_API_KEY, which is appropriate for a hosted TTS API.
- Instruction Scope
- okSKILL.md contains only API endpoint, headers, request/response formats, and code examples (curl/python). It does not instruct reading unrelated files, other environment variables, or sending data to unexpected endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only — so nothing is downloaded or written to disk by the skill itself.
- Credentials
- okOnly SENSEAUDIO_API_KEY is required and declared as the primary credential. No other credentials or sensitive config paths are requested.
- Persistence & Privilege
- okalways is false (no forced inclusion) and the skill does not request elevated or persistent system privileges or modify other skills' configs.