Security audit
Xiaomi TTS
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real Xiaomi text-to-speech plugin, but it may expose spoken text through logs and an optional extra AI-model audio-tagging step.
Review before installing if your agent may speak sensitive messages. Use a dedicated Xiaomi API key, verify the baseUrl, consider leaving audioTags disabled unless you accept the extra model call, and check whether OpenClaw logs will retain full spoken text.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
