ClawHub
Back to skill
v1.0.0

Edge Tts Cantonese

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:16 AM.

Analysis

The skill is purpose-aligned for Cantonese text-to-speech, but it depends on local helper scripts and includes Telegram sending instructions that users should verify before use.

GuidanceBefore installing, verify the referenced local scripts, update the hard-coded paths for your environment, and require confirmation of the Telegram or WhatsApp recipient before sending generated voice messages. Avoid using the skill for secrets or sensitive text unless you trust the external TTS and messaging services involved.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
/home/gabriel/.openclaw/workspace/scripts/edge-tts-voice-ogg.sh "你今日好嗎?" normal

The skill is instruction-only but relies on local helper scripts at absolute paths that are not included in the reviewed artifacts.

User impactIf an agent runs these helpers, their actual behavior depends on local scripts that were not part of this review.
RecommendationInspect the referenced scripts, confirm their ownership and contents, and replace the hard-coded paths with trusted local paths before use.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
/home/gabriel/.openclaw/workspace/scripts/edge-tts-telegram.sh <chat_id> "你段文字" normal

The skill documents a command that can send generated audio to a Telegram chat ID, including an example destination.

User impactA wrong or reused chat ID could send a voice message to an unintended Telegram recipient.
RecommendationRequire the user to provide or confirm the target chat and message content before sending; do not treat the example chat ID as a default.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceMediumStatusNote
SKILL.md
Use Microsoft Edge TTS to generate natural Cantonese voice audio for WhatsApp and Telegram.

The stated workflow involves external TTS and messaging services, so text/audio may be processed or transmitted outside the local agent environment.

User impactPrivate text used for speech generation or voice replies may be shared with Microsoft Edge TTS and the selected messaging platform.
RecommendationAvoid sending secrets or highly sensitive content through this workflow unless you are comfortable with the external services involved.