v1.0.0

doubao-tts

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:24 AM.

Analysis

This looks like a straightforward text-to-speech skill, but it requires your Volcengine token and sends the text you ask it to read to ByteDance/Volcengine to generate audio.

Guidance: Before installing, confirm you want to use Volcengine Doubao TTS, store only a TTS-scoped token in ~/.openclaw/doubao-tts-config.json, avoid sending sensitive text unless provider processing is acceptable, and choose safe output paths for saved MP3 files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
output_file="${save_path:-/tmp/doubao_tts_$(date +%s).mp3}" ... base64 -d > "$output_file" ... afplay "$output_file"

The skill writes decoded audio to a local file and invokes a local audio player. This is appropriate for TTS playback, but it still involves writing a local file and running a local tool.

User impact: The skill may create MP3 files and play audio on the device when invoked.
Recommendation: Use trusted save paths, review where output files are written, and ensure the expected local playback tools are installed.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"repository": { "type": "git", "url": "" } ... "dependencies": ["jq", "curl", "base64"]

The package metadata has no repository URL and documents external helper tools. This limits provenance information but does not show hidden or unsafe installation behavior.

User impact: Users have less source provenance to verify and must ensure required local tools are present.
Recommendation: Install from a trusted registry entry, confirm the publisher is expected, and verify curl/jq/base64 availability before use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
access_token=$(cat "$config_file" | jq -r '.access_token') ... -H "Authorization: Bearer;$access_token"

The skill reads a local Volcengine access token and uses it to authorize TTS API calls. This is expected for the stated service integration, but the token may grant account usage or incur provider charges.

User impact: Anyone using the skill must store a provider token locally and trust the skill instructions to use it only for TTS requests.
Recommendation: Use a token limited to the TTS application if possible, protect the config file, and rotate the token if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
api_url="https://openspeech.bytedance.com/api/v1/tts" ... "uid": "388808087185088" ... "text": "$text"

The skill sends the requested text, along with a fixed user identifier field, to the external ByteDance/Volcengine TTS endpoint. This is core to the skill's purpose, but it means text content leaves the local machine.

User impact: Text you ask the skill to read may be processed by the external TTS provider and associated with the configured account/request metadata.
Recommendation: Avoid sending highly sensitive text unless you are comfortable with the provider's data handling terms and account configuration.