Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

iFlytek Ultra-Realistic TTS

v1.0.0

iFlytek Ultra-Realistic TTS (超拟人语音合成) — synthesize natural, expressive speech from text using iFlytek's ultra-realistic voice synthesis API. Supports 50+ voi...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jpengcheng523-netizen/xfyun-tts.

Install the skill "iFlytek Ultra-Realistic TTS" (jpengcheng523-netizen/xfyun-tts) from ClawHub.
Skill page: https://clawhub.ai/jpengcheng523-netizen/xfyun-tts
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xfyun-tts

ClawHub CLI


npx clawhub@latest install xfyun-tts

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill's name/description (iFlytek Ultra-Realistic TTS) matches the code and SKILL.md: it implements a WebSocket-based TTS client for the stated endpoint. However, registry metadata lists no required environment variables while SKILL.md and scripts/tts.py clearly require XFYUN_APP_ID, XFYUN_API_KEY, and XFYUN_API_SECRET. That metadata omission is an incoherence that could mislead users into installing without realizing credentials are needed.
Instruction Scope
The runtime instructions and code scope are limited to reading text (positional arg, file, or stdin), contacting the iFlytek WebSocket endpoint, and writing an audio file — that is coherent for TTS. However, the included client disables TLS verification (ctx.check_hostname = False and ctx.verify_mode = ssl.CERT_NONE), which weakens transport security and could allow a man-in-the-middle to observe or tamper with content or credentials. The code also constructs raw WebSocket frames and performs network I/O directly; while not inherently malicious, the insecure TLS setting is a significant concern.
Install Mechanism
No install spec is provided (instruction-only with a bundled Python script). No external packages or downloads are required; the project claims to use only Python stdlib, which the script reflects. This is low install risk, but because the source/homepage is unknown, provenance is limited.
Credentials
The TTS service legitimately requires credentials (app id, api key, api secret) which the SKILL.md and script request. That by itself is proportionate to a cloud TTS client. The problem is the registry metadata incorrectly declares no required env vars — an inconsistency that may hide the need to supply sensitive credentials. Requesting three service-specific secrets is expected for this purpose, but the missing metadata and lack of a declared primary credential are problematic for safe deployment.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify other skills or system settings. It is user-invocable and can be invoked autonomously by the agent (default), which is normal and not a sole basis for concern.
What to consider before installing
This skill appears to implement the claimed iFlytek TTS functionality, but there are two issues you should consider before installing or using it:

  1. Metadata mismatch — The registry entry claims no required environment variables, but SKILL.md and the bundled script require XFYUN_APP_ID, XFYUN_API_KEY, and XFYUN_API_SECRET. Do not provide sensitive credentials unless you trust the publisher. Ask the maintainer to fix the metadata so the required secrets are visible up front.
  2. Insecure TLS — The Python WebSocket client in scripts/tts.py explicitly disables TLS certificate verification (check_hostname=False and verify_mode=ssl.CERT_NONE). This can enable man-in-the-middle attacks that could capture your API keys or audio data. Request a version that validates certificates, or run the script only in a controlled environment or over a trusted network. Prefer using an official SDK or a verified client that performs proper TLS validation.

Other suggestions:

  • Verify the endpoint host and that it matches the official provider; confirm the code hasn't been tampered with (no homepage/source is provided).
  • Inspect the remainder of scripts/tts.py (file was truncated in the listing) to ensure there is no hidden data exfiltration or logging of secrets.
  • Limit the API key permissions (use least privilege) and consider creating a dedicated test account/keys for evaluation.

Given these issues, treat the skill with caution. The problems look like sloppy or risky engineering rather than clear malicious intent, but they are serious enough to delay use until corrected.
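The TLS finding can be checked mechanically during review. This is an added example, not code from the skill or from ClawHub: it scans Python source for the two assignments the scan quotes and builds a verifying client context for comparison. SAMPLE_SOURCE is a constructed snippet and the function names are hypothetical.

```python
import ast
import ssl

# Constructed sample reproducing the two settings quoted in the scan;
# it is not the skill's actual scripts/tts.py.
SAMPLE_SOURCE = '''
import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
'''

def find_tls_downgrades(source):
    """Return sorted (line, description) pairs for assignments that turn off
    certificate or host name verification on any object."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        # Matches both ssl.CERT_NONE (Attribute) and a bare CERT_NONE (Name).
        name = getattr(value, "attr", None) or getattr(value, "id", None)
        for target in node.targets:
            if not isinstance(target, ast.Attribute):
                continue
            if (target.attr == "check_hostname"
                    and isinstance(value, ast.Constant) and value.value is False):
                findings.append((node.lineno, "check_hostname disabled"))
            elif target.attr == "verify_mode" and name == "CERT_NONE":
                findings.append((node.lineno, "verify_mode set to CERT_NONE"))
    return sorted(findings)

def verified_context():
    """Client context that validates the certificate chain and the host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def context_is_verifying(ctx):
    """True only when both chain validation and host name checks are on."""
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED)

if __name__ == "__main__":
    for line, what in find_tls_downgrades(SAMPLE_SOURCE):
        print(f"line {line}: {what}")
    print("hardened context verifies:", context_is_verifying(verified_context()))
```

The scanner only catches direct attribute assignments; a context created with ssl._create_unverified_context() or configured through a helper still needs a manual read of the file.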

Like a lobster shell, security has layers — review code before you run it.

latest vk9731bpm2repa148jcg7jcqnqd83gn5j
145 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

xfyun-tts

Synthesize natural, expressive speech from text using iFlytek's Ultra-Realistic Voice Synthesis (超拟人语音合成) WebSocket API. Features human-like breathing, pauses, and emotional expression across 50+ voices.

Setup

  1. Create an app at the iFlytek console (讯飞控制台) with the Ultra-Realistic Voice Synthesis (超拟人语音合成) service enabled
  2. Enable the desired voice(s) in the console (default: x5_lingyuzhao_flow / 聆玉昭)
  3. Set environment variables:
    export XFYUN_APP_ID="your_app_id"
    export XFYUN_API_KEY="your_api_key"
    export XFYUN_API_SECRET="your_api_secret"
    

Usage

Basic synthesis

python3 scripts/tts.py "你好,欢迎使用科大讯飞语音合成。"
# → saves to output.mp3

Specify output file

python3 scripts/tts.py "Hello, this is a test." --output hello.mp3

Use a different voice

python3 scripts/tts.py "大家好" --voice x6_lingfeiyi_pro --output greeting.mp3

Read from file

python3 scripts/tts.py --file article.txt --output article.mp3

Pipe from stdin

echo "流式文本输入测试" | python3 scripts/tts.py --output speech.mp3

Adjust parameters

python3 scripts/tts.py "语速快一点" --speed 70 --volume 80 --pitch 60

Output PCM format

python3 scripts/tts.py "测试" --format pcm --sample-rate 16000 --output test.pcm

List all available voices

python3 scripts/tts.py --list-voices

Options

| Flag | Short | Default | Description |
|---|---|---|---|
| text | | | Text to synthesize (positional) |
| --file | -f | | Read text from a file |
| --output | -o | output.mp3 | Output audio file path |
| --voice | -v | x5_lingyuzhao_flow | Voice name (vcn) |
| --format | | mp3 | Audio format: mp3, pcm, speex, opus |
| --sample-rate | | 24000 | Sample rate: 8000, 16000, 24000 |
| --speed | | 50 | Speed 0–100 (50=normal, 100=2x) |
| --volume | | 50 | Volume 0–100 (50=normal) |
| --pitch | | 50 | Pitch 0–100 (50=normal) |
| --bgs | | 0 | Background sound: 0=none, 1=bg1, 2=bg2 |
| --reg | | 0 | English pronunciation: 0=auto, 1=spell, 2=letter |
| --rdn | | 0 | Number reading: 0=auto, 1=value, 2=string, 3=string-prefer |
| --list-voices | | | Print voice list and exit |

Popular Voices

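| VCN | Name | Gender | Language | Scene |
|---|---|---|---|---|
| x5_lingyuzhao_flow | 聆玉昭 | Female | Chinese | Interactive chat |
| x5_lingxiaotang_flow | 聆小糖 | Female | Chinese | Voice assistant |
| x6_lingfeiyi_pro | 聆飞逸 | Male | Chinese | Interactive chat |
| x6_lingxiaoli_pro | 聆小璃 | Female | Chinese | Interactive chat |
| x6_pangbainan1_pro | 旁白男声 | Male | Chinese | Narration and dubbing |
| x6_pangbainv1_pro | 旁白女声 | Female | Chinese | Narration and dubbing |
| x6_lingfeihan_pro | 聆飞瀚 | Male | Chinese | Documentary |
| x5_EnUs_Grant_flow | Grant | Female | English | Interactive chat |
| x5_EnUs_Lila_flow | Lila | Female | English | Interactive chat |
| x4_zijin_oral | 子津 | Male | Tianjin dialect | Interactive chat |
| x4_ziyang_oral | 子阳 | Male | Northeastern dialect | Interactive chat |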

Run --list-voices for the complete list (50+ voices).

Text Features

Silent pauses

Insert [p500] in text for a 500ms pause:

你好[p500]科大讯飞

Specify pronunciation

Use [=pinyin] after a character to force pronunciation:

着[=zhuo2]手

Notes

  • Endpoint: wss://cbm01.cn-huabei-1.xf-yun.com/v1/private/mcd9m97e6
  • Protocol: WebSocket (RFC 6455) with HMAC-SHA256 signed URL auth
  • Text limit: max 64KB total per session
  • Session timeout: 60 seconds
  • Text input speed: must exceed 15 chars/sec for streaming (not relevant for single-shot mode)
  • No pip dependencies: uses a built-in minimal WebSocket client on pure Python stdlib
  • Env vars: XFYUN_APP_ID, XFYUN_API_KEY, XFYUN_API_SECRET
  • Output: prints the absolute path of saved audio to stdout (for easy piping to other tools)
  • x4 series voices (x4_*_oral) support colloquial-style (口语化) oral configuration parameters; x5/x6 voices do not
  • Voices must be enabled in the console before use
