Voice Clone
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent and disclosed: it uses a SenseAudio API key and optional audio libraries to help users clone voices on SenseAudio and generate TTS, with no evidence of hidden or mismatched behavior.
Before installing, make sure you are comfortable giving the agent access to your SenseAudio API key and sending TTS text, voice IDs, and cloning samples to SenseAudio. Use only voices you have permission to clone, keep the API key secure, and consider pinning Python dependency versions if you need stricter supply-chain control.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill gives the agent access to the user's SenseAudio API credentials for TTS requests, which may consume account quota or access account-scoped capabilities.
The skill requires a SenseAudio API key and uses it as a bearer token for API access. This is expected for the service integration and includes guidance not to log or expose the key.
- Read the API key from `SENSEAUDIO_API_KEY`. - Send auth only as `Authorization: Bearer <API_KEY>`.
Store the API key securely, avoid sharing logs containing environment details, monitor SenseAudio usage, and rotate the key if it may have been exposed.
The agent can help create audio in a cloned voice, which could be misused if the user provides an unauthorized voice_id or text.
The skill enables generating synthetic speech with a cloned voice_id. This is the core stated purpose, but it is a sensitive capability that should remain user-directed.
- Generate TTS with a cloned voice through the official TTS API
Use only voices you own or have permission to clone, confirm the intended text before synthesis, and review generated audio before sharing it.
Dependency installation introduces normal package supply-chain exposure, though the packages are common and purpose-aligned.
The skill declares Python package dependencies for HTTP API calls and optional audio validation. They are expected for the purpose, but no pinned versions are shown.
[0] uv | package: requests [1] uv | package: pydub
Install dependencies from trusted package indexes and consider pinning versions in production or enterprise environments.
Text submitted for synthesis and associated voice identifiers are transmitted to SenseAudio, and platform cloning also requires uploading or recording a voice sample on SenseAudio.
The helper sends TTS text and the cloned voice_id to SenseAudio's external API. This external provider flow is disclosed and central to the skill.
API_URL = "https://api.senseaudio.cn/v1/t2a_v2"
Do not submit confidential text or voice samples unless you are comfortable sharing them with SenseAudio under its terms and privacy practices.