minimax-tts-send
调用 MiniMax 语音合成 API 生成语音,发送语音消息。支持系统音色、克隆音色、流式/非流式输出。使用场景:用户需要生成高质量中文语音、语音合成、文本转语音。
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 125 · 0 current installs · 0 all-time installs
byEric@seacozz2007
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description match the included code (a TTS client). However the skill declares no required credentials/env vars while the script embeds a bearer API key directly in get_api_key(), which is inconsistent and not proportional to the stated purpose.
Instruction Scope
SKILL.md instructs running the included Python script and sending the generated audio; that is within scope. But the runtime instructions do not mention the embedded secret or the specific API endpoint used, so an operator would not expect the skill to ship a hardcoded credential or contact the non-obvious API host.
Install Mechanism
No install spec; the skill is instruction-only with a small Python script — minimal installation risk (nothing downloaded from arbitrary URLs).
Credentials
The skill requests no environment variables or credentials, yet the code contains a hardcoded bearer API key and uses API_BASE = "https://api.minimaxi.com" (note domain differs from the published homepage minimax.io). Hardcoded secrets and a domain mismatch are disproportionate and problematic.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges or modify other skills' configs.
Scan Findings in Context
[hardcoded_api_key_in_source] unexpected: scripts/tts.py defines get_api_key() and returns a hardcoded bearer key string (looks like an API secret). A TTS client should accept keys via configuration or environment, not embed them in the package.
[suspicious_api_base_domain_mismatch] unexpected: SKILL.md homepage is platform.minimax.io but the script uses API_BASE = "https://api.minimaxi.com" (extra 'i'). This domain mismatch could be a typo, a private proxy, or a malicious endpoint; it is not documented in the skill.
What to consider before installing
Do not install or run this skill in a production environment until these issues are resolved. The package embeds a bearer API key in scripts/tts.py and uses an API domain that doesn't match the documented homepage — this could be a leaked/compromised key or a misconfigured/malicious endpoint. Ask the author to: (1) remove the hardcoded key and require the operator to provide their own API key via an environment variable (e.g., MINIMAX_API_KEY), (2) explain/confirm the correct API hostname and update SKILL.md to document it, and (3) rotate/revoke the embedded key if it is real. If you must test it, run in an isolated sandbox or VM with network monitoring, and avoid exposing any sensitive systems or credentials.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.1
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎙️ Clawdis
SKILL.md
MiniMax TTS Skill
调用 MiniMax TTS API 生成语音和发送。
使用方式
命令行
# 指定音色和模型
python3 ~/skills/minimax-tts/scripts/tts.py "你好世界" --voice "female-shaonv"
参数选项
| 参数 | 说明 | 默认值 |
|---|---|---|
--text | 要转语音的文本 | 必填 |
--voice | 音色ID | wumei_yujie |
--format | 音频格式 | mp3 |
注意:如果需要转换的文字太长,可以分成多次生成。
语音发送
openclaw message send --channel telegram --target "xxxxxxx" --media /home/eric/.openclaw/workspace/audio/audio.mp3 -m "语音"
| 参数 | 说明 | 默认值 |
|---|---|---|
--channel | matrix,telegram,whatsapp,discord,irc,googlechat,slack,signal,imessage,line,feishu,nostr,msteams,mattermost | |
--target | 目标比如xxxxxxx | 必填 |
--media | 媒体文件路径 | 必填 |
注意事项
给用户发消息的时候,不需要告诉用户你是什么音色等。
可用音色
调用 get_voice API 获取当前账号下所有音色:
python3 ~/skills/minimax-tts/scripts/tts.py --list-voices
常见系统音色:
female-shaonv- 少女音色female-yujie- 御姐音色wumei_yujie- 妩媚御姐diadia_xuemei- 嗲嗲学妹Chinese (Mandarin)_Sweet_Lady- 甜美女声Chinese (Mandarin)_Soft_Girl- 软软女孩
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…