Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-minimax-t2a-voice

v1.0.1

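Feishu voice message sending and receiving: incoming voice messages are automatically transcribed to text (Feishu native Transcript, with Whisper as fallback), and voice replies are synthesized by MiniMax T2A and then sent.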


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for michelangelo-in-sistine/feishu-minimax-t2a-voice.

Install the skill "feishu-minimax-t2a-voice" (michelangelo-in-sistine/feishu-minimax-t2a-voice) from ClawHub.
Skill page: https://clawhub.ai/michelangelo-in-sistine/feishu-minimax-t2a-voice
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install feishu-minimax-t2a-voice

ClawHub CLI


npx clawhub@latest install feishu-minimax-t2a-voice

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

!
Purpose & Capability
The code and SKILL.md implement Feishu text→voice and voice→text behavior as described and call an external MiniMax API and Edge TTS. However, the package metadata/register fields claim no required binaries/env-vars while the SKILL.md and code expect ffmpeg (for MiniMax path), requests and edge_tts Python packages, and an optional MINIMAX_API_KEY. Also the scripts write output to a hard-coded path (e:\Profile\Mac\.openclaw\media\out), which is unexpected and platform-specific.
Instruction Scope
Runtime instructions are narrow: run reply.py to produce an audio file and then send that file via the Feishu message tool. The scripts do not attempt to read arbitrary user files or other credentials; they only use environment variables documented in SKILL.md (MINIMAX_API_KEY, EDGE_TTS_VOICE). They do, however, copy generated audio into a hard-coded filesystem location which is unusual and may be surprising.
!
Install Mechanism
There is no install spec, yet the code imports third-party Python libraries (requests, edge_tts) and expects ffmpeg to be present for the preferred MiniMax path. The absence of declared dependencies or an install step is an inconsistency: the runtime will fail or behave differently depending on the environment. No external download URLs are present, but the missing dependency declarations are a practical installation risk.
Credentials
The only credential-like item used is an optional MINIMAX_API_KEY (documented in SKILL.md) and an EDGE_TTS_VOICE setting. The registry metadata listed 'no required env vars', which is misleading but not dangerous. The key is optional and reasonable for calling MiniMax; no unrelated tokens or broad privileges are requested.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It writes generated media to disk (tempdir and additionally a hard-coded 'media/out' path). Writing files is within the scope of a TTS skill but the hard-coded, Windows-style destination is unexpected and could create side effects or fail silently on other OSes.
What to consider before installing
This skill appears to do what it claims (generate Feishu voice replies via MiniMax with Edge TTS fallback), but there are practical and transparency problems you should address before installing or enabling it:

- Missing dependency/install info: The code requires Python packages (requests, edge_tts) and optionally ffmpeg, but no install spec (pip requirements or instructions) is provided. Ensure you install these dependencies in a controlled environment or ask the author for a requirements.txt or installation instructions.
- Optional API key: MINIMAX_API_KEY is optional and used to call https://api.minimaxi.com/v1/t2a_v2. Only set this if you trust that service and the skill origin, and avoid reusing sensitive credentials.
- Hard-coded filesystem path: reply.py copies outputs to e:\Profile\Mac\.openclaw\media\out (Windows-style). This is odd and may create files in unexpected places or fail on non-Windows systems. Consider changing the scripts to use a configurable path or a platform-agnostic location (e.g., a tempdir or the agent's media directory).
- Network behavior: The skill makes outbound HTTP requests to the MiniMax API and uses edge_tts (which opens network connections). If you need strict outbound controls, run it in a sandboxed environment or inspect traffic.
- Audit or sandbox before use: If you do not fully trust the source, run the scripts in an isolated/container environment, review or rewrite the filesystem paths, and validate the external endpoints and payloads. Ask the publisher for a clear requirements/install section (pip packages, ffmpeg requirement) and for clarification on the hard-coded path; resolving these would move this assessment toward 'benign'.

Like a lobster shell, security has layers — review code before you run it.

latest vk97f19bdn2tsbspjyn23dxzqhx84a5bn
117 downloads
1 star
2 versions
Updated 3w ago
v1.0.1
MIT-0

feishu-voice

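Receiving: voice → text

Feishu automatically generates a transcript for voice messages. The message body carries a Transcript field that can be read directly, with no API call needed.


Sending: text → voice

Workflow

Step 1. Call the script to generate the voice file:

python scripts/reply.py "<text content>"

The script outputs the file path (format: .opus.ogg).

Step 2. Send the voice message through Feishu:

message(action=send, channel=feishu, media=<filepath>, contentType="audio/opus")

Note: .ogg files output by Edge TTS also use the audio/opus contentType.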


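MiniMax interjection markers (when MINIMAX_API_KEY is configured)

Embed the following markers when generating the reply text to make the speech sound more natural:

| Marker | Meaning | When to use |
| --- | --- | --- |
| <#0.3#> | Pause of 0.3 seconds | After a comma, mid-sentence |
| (breath) | Natural breath | Middle of a long sentence, end of a sentence |
| (sighs) | Sigh | Exclamation, resignation |
| (emm) | Thinking tone | End of a question, continuing after a pause |
| (clear-throat) | Throat clearing | Transition, starting to speak |
| (laughs) | Laughter | Happy or humorous content |
| (chuckle) | Chuckle | Light teasing |
| (sniffs) | Sniffing | Mild emotion |
| (humming) | Humming | Cheerful mood, talking to oneself |

Rules:

  • Insert a marker between two pieces of spoken text; do not stack markers consecutively
  • Add (emm) at the end of a question
  • Insert (laughs)(sighs) in exclamatory sentences
  • Add (breath) before a full stop when there is no natural pause
  • In long narration, insert (breath)<#0.3#> once every 20-30 characters

Examples:

Model-generated text: 好的,那我们出发吧。
Should become: 好的<#0.3#>,那我们出发吧(laughs)。

Model-generated text: 等等,让我想想,这个怎么做来着?
Should become: 等等<#0.3#>,让我想想(emm)<#0.4#>,这个怎么做来着?

Model-generated text: 唉,今天真是太累了。
Should become: 唉(sighs),今天真是太累了(breath)。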

Fallback chain

MiniMax T2A (mp3) → ffmpeg → opus  [preferred]
    ↓ timeout / no key
Edge TTS (direct ogg output)         [fallback]
    ↓ failure
Return plain text (no voice)

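Environment variables

| Variable | Required | Description |
| --- | --- | --- |
| MINIMAX_API_KEY | | If set, MiniMax is preferred; otherwise Edge TTS |
| EDGE_TTS_VOICE | | Edge TTS voice, default zh-CN-XiaoxiaoNeural |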
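
A preflight check for the fallback chain and environment variables above, as an added example that is not part of the skill's own code: it reports which tier is usable in the current environment and resolves an output directory without a hard-coded drive path. It assumes a tier is unusable when a dependency named in the scan report is missing; `VOICE_OUT_DIR` and both function names are hypothetical.

```python
import importlib.util
import os
import shutil
import tempfile
from pathlib import Path


def plan_tts_tier(env=None, has_module=None, has_binary=None):
    """Return (tier, reasons); tier is 'minimax', 'edge_tts' or 'text'.

    Assumption: a missing dependency makes a tier unusable (the page itself
    lists only timeout, no key and failure as fallback triggers).
    """
    env = os.environ if env is None else env
    has_module = has_module or (lambda m: importlib.util.find_spec(m) is not None)
    has_binary = has_binary or (lambda b: shutil.which(b) is not None)
    reasons = []
    # Tier 1: MiniMax T2A (mp3) -> ffmpeg -> opus
    missing = []
    if not env.get("MINIMAX_API_KEY"):
        missing.append("MINIMAX_API_KEY not set")
    if not has_module("requests"):
        missing.append("python package 'requests' missing")
    if not has_binary("ffmpeg"):
        missing.append("ffmpeg not on PATH")
    if not missing:
        return "minimax", reasons
    reasons.append("minimax skipped: " + "; ".join(missing))
    # Tier 2: Edge TTS writes ogg directly, so ffmpeg is not needed here
    if has_module("edge_tts"):
        return "edge_tts", reasons
    reasons.append("edge_tts skipped: python package 'edge_tts' missing")
    # Tier 3: plain text reply, no audio file is produced
    return "text", reasons


def resolve_out_dir(env=None):
    """Pick the media output directory from configuration or the temp dir.

    VOICE_OUT_DIR is a hypothetical variable name, not one the skill defines.
    """
    env = os.environ if env is None else env
    configured = env.get("VOICE_OUT_DIR")
    base = (Path(configured).expanduser() if configured
            else Path(tempfile.gettempdir()) / "feishu-voice-out")
    base.mkdir(parents=True, exist_ok=True, mode=0o700)
    return base.resolve()


if __name__ == "__main__":
    tier, why = plan_tts_tier()
    print("tier:", tier, "| output dir:", resolve_out_dir(), "|", why)
```

Run it before enabling the skill; a result of `text` with both tiers skipped means no audio can be produced until the listed dependencies are installed.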

Quick reference

# Generate the voice file and send it
python scripts/reply.py "<text>"  →  output file path  →  message(media=path, contentType="audio/opus")
