Feishu Edge TTS Voice
v1.0.0飞书语音消息发送技能。使用 Edge TTS(微软,免费无限次)生成语音并以飞书语音气泡形式发送。当用户要求用语音回复、发语音消息、TTS 朗读内容时触发。默认音色:云希(zh-CN-YunxiNeural,活泼阳光男声)。
⭐ 2· 1.4k·11 current·12 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's functionality (Edge TTS -> convert -> upload to Feishu) matches the code and instructions. However, the package metadata declares no required credentials or config paths while the runtime script expects a ~/.openclaw/openclaw.json containing feishu appId/appSecret. That omission is an inconsistency: the skill does need Feishu credentials (in a config file) even though the registry metadata lists none.
Instruction Scope
SKILL.md and the script keep to a narrow scope: generate audio with edge-tts, convert with ffmpeg, obtain a Feishu tenant token, upload the opus file, and send an audio message. Network calls go only to open.feishu.cn and no other external endpoints. One scope note: the script loads the entire openclaw.json and then accesses cfg['channels']['feishu'] — it only uses feishu fields, but because it reads the whole config file it could access other secrets if modified.
Install Mechanism
There is no automated install spec (instruction-only plus a script). The README tells users to pip install edge-tts and to ensure ffmpeg is present. This is low-risk compared with arbitrary download-and-extract installs. Users should still install edge-tts/ffmpeg from trusted sources.
Credentials
The skill requires Feishu app credentials (appId/appSecret) but does not declare them in requires.env or required config paths in the registry metadata; instead it expects them inside ~/.openclaw/openclaw.json. That mismatch is a proportionality/visibility problem. Also, because the script opens the entire JSON file, if you keep other sensitive credentials there they could be read into memory — the script currently only uses the Feishu fields, but the practice means sensitive data is being accessed without being declared.
Persistence & Privilege
The skill is not always-included and is user-invocable. It does not modify other skills or system configuration. No elevated persistence privileges are requested.
What to consider before installing
Before installing or running this skill: (1) Inspect ~/.openclaw/openclaw.json and confirm it contains only the Feishu appId/appSecret you intend to use — don't point the script at a file containing broad secrets. (2) Prefer creating a Feishu app with minimal permissions for this purpose. (3) Because the registry metadata does not declare the required config/credentials, treat that omission as a red flag: either ask the publisher to update the metadata or avoid installing until it's fixed. (4) Review the included scripts/send_voice.py yourself (it is small and readable); if you run it, do so in an environment where executing curl/ffmpeg/edge-tts is acceptable (or sandboxed). (5) If you want stronger guarantees, request the skill be updated to accept credentials via a clearly-declared config path or dedicated environment variables (and update registry metadata accordingly). Additional info that would raise confidence to 'high': metadata that explicitly declares the required config path and primary credential, or an updated script that only reads a minimal, well-documented credentials file.Like a lobster shell, security has layers — review code before you run it.
latestvk9738cepxe15pd3ba2dpmhcn6n826rer
License
MIT-0
Free to use, modify, and redistribute. No attribution required.