Google Chirp 3 HD TTS Skill
v1.0.2High-definition generative speech synthesis using Google Cloud Chirp 3 HD voices. Delivers superior realism, emotional expressiveness, and natural pacing usi...
⭐ 0· 20·0 current·0 all-time
by@jarar21
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name/description (Google Chirp 3 HD TTS) match the declared needs: Node.js 18+, Google Application Default Credentials, network access to call Google Cloud and to run npm. No unrelated secrets, binaries, or surprising capabilities are requested.
Instruction Scope
SKILL.md instructs the agent to detect TTS triggers, ensure Node.js is present, run a local npm install if missing, and execute the bundled Node script. The instructions only reference the skill folder and an optional OPENCLAW_WORKSPACE; they do not read unrelated system files or send data to unexpected endpoints.
Install Mechanism
There is no packaged install spec, but the runtime instructions perform a local `npm install @google-cloud/text-to-speech --prefix <skill_dir>` from the public npm registry. This is expected for this use case but carries ordinary npm supply-chain risk (package compromise, typosquatting). The install is local to the skill folder and uses no obscure URLs.
Credentials
The only external credential workflow documented is Google ADC (`gcloud auth application-default login`), which is appropriate and required for calling Google Cloud TTS. No unrelated environment variables or credentials are requested; OPENCLAW_WORKSPACE is optional and used only to place output files.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and only writes node_modules locally plus generated audio to the workspace. This level of persistence is proportional to its purpose.
Assessment
This skill appears to do what it says: synthesize speech via Google Cloud. Before installing, be aware that: (1) you must have Node.js 18+ and run `gcloud auth application-default login` (this grants the skill access to your ADC credentials and any allowed Google Cloud projects); (2) the skill will run `npm install` in its folder to fetch @google-cloud/text-to-speech — consider running this in an isolated environment or verifying the package/version to reduce supply-chain risk; (3) the skill will write node_modules and generated audio files into its folder or your OPENCLAW_WORKSPACE; (4) if you are concerned about automatic invocation, note the agent will run the skill when it detects TTS triggers — restrict invocation or review triggers if needed. If you want extra assurance, inspect the installed package version and run the skill in a controlled/test environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk974cgv4w86cwcr0d6j2y1r7gn84rbt1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.