Dlazy Gemini 2.5 Tts
v1.0.0Generate multilingual, highly natural audio using Gemini 2.5 text-to-speech.
⭐ 0· 20·0 current·0 all-time
by@dlazyai
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (Gemini TTS) align with requiring an npm-distributed CLI (@dlazy/cli) and the declared required binaries (npm, npx). However the skill metadata embeds an install command (npm install -g @dlazy/cli@1.0.5) even though the registry had no formal install spec; installing a global npm package is heavier than a pure instruction-only skill and should be explicit in registry metadata.
Instruction Scope
The SKILL.md explicitly instructs the agent to ask the user to provide their dlazy API key and then save it with `dlazy auth set <key>`. Asking users to transmit secrets to the agent (and instructing the agent to persist them) goes beyond simply calling a TTS API and creates a risk of secret exposure or misuse. Other instructions (run dlazy commands, handle insufficient_balance/unauthorized) are expected for a CLI integration.
Install Mechanism
No install spec in registry, but SKILL.md metadata suggests a global npm install of @dlazy/cli@1.0.5. Using an npm package from the public registry is common for CLIs but is a moderate-risk install action (global install, code written to disk). There are no download-from-arbitrary-URL installs or extract steps.
Credentials
The skill declares no required environment variables or primary credential, yet its runtime instructions require an API key and tell the agent to request it from the user and persist it. This is an inconsistency: a TTS integration legitimately needs credentials, but they should be declared and handled in a safer, transparent way (e.g., documented required env var or guidance to set credentials locally).
Persistence & Privilege
The skill does not request always:true and is not inherently persistent. However it explicitly instructs the agent to run `dlazy auth set <key>` to save user credentials locally, which will persist secrets in CLI config. Persisting credentials is expected behavior for CLI tools but becomes higher-risk when the agent is instructed to solicit secrets from users and store them without prior declaration.
What to consider before installing
This skill appears to be a TTS wrapper that uses a third-party CLI, but it instructs the agent to ask users for their dlazy API key and save it — something the skill metadata does not declare. Before installing: 1) Verify the package @dlazy/cli on npm (publisher, downloads, repo, homepage) and confirm the maintainer is trustworthy. 2) Do NOT paste sensitive API keys into chat; instead run `dlazy auth set <key>` yourself on a machine you control if you decide to use the CLI. 3) Prefer scoped or limited credentials and test in an isolated account/environment. 4) If you must allow the agent to authenticate, require the skill to declare the credential in registry metadata (so you can audit how it will be used) and/or store secrets in a secure secret store rather than pasting into chat. 5) If uncertain about the source (homepage unknown), avoid installing the global npm package until you can audit it.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🤖 Clawdis
Binsnpm, npx
latest
dlazy-gemini-2.5-tts
Generate multilingual, highly natural audio using Gemini 2.5 text-to-speech.
Trigger Keywords
- gemini tts
- text to speech
- generate speech
Usage
CRITICAL INSTRUCTION FOR AGENT:
Run the dlazy gemini-2.5-tts command to get results.
dlazy gemini-2.5-tts -h
Options:
--prompt <prompt> Prompt
--voice_language <voice_language> Voice Language [default: cmn] (choices: "cmn", "en")
--voiceName <voiceName> Voice Name [default: Kore]
--input <spec> JSON payload: inline string, @file, or - (stdin)
--dry-run Print payload + cost estimate without calling API
--no-wait Return generateId immediately for async tasks
--timeout <seconds> Max seconds to wait for async completion (default: "1800")
-h, --help display help for command
Output Format
{
"ok": true,
"kind": "urls",
"data": {
"urls": [
"https://oss.dlazy.com/result.mp4"
]
}
}
Command Examples
# basic call:
dlazy gemini-2.5-tts --prompt 'prompt text'
# complex call:
dlazy gemini-2.5-tts --prompt 'prompt text'
Error Handling
| Code | Error Type | Example Message |
|---|---|---|
| 401 | Unauthorized (No API Key) | ok: false, code: "unauthorized", message: "API key is missing or invalid" |
| 501 | Missing required parameter | error: required option '--prompt <prompt>' not specified |
| 502 | Local file read error | Error: Image file/Video file not found: C:\path\to\your\file |
| 503 | API request failed (no balance) | ok: false, code: "insufficient_balance" |
| 503 | API request failed (server error) | HTTP status code error (500 server crash) |
| 504 | Asynchronous task execution failed | === Generation Failed === / {Specific error reason returned by backend, for example "Prompt violates safety policy"} |
AGENT CRITICAL INSTRUCTION:
- If the execution result returns
code: "insufficient_balance", you MUST explicitly inform the user that their credits are insufficient and guide them to recharge: https://dlazy.com/dashboard/organization/settings?tab=credits- If the execution result returns
code: "unauthorized"or indicates missing API key, you MUST inform the user to get their API key from https://dlazy.com/dashboard/organization/api-key and send it to you. Once they provide it, save it usingdlazy auth set <key>and resume the task.
Tips
Visit https://dlazy.com for more information.
Comments
Loading comments...