Back to plugin

Security audit

Telnyx TTS Provider

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Telnyx text-to-speech provider, but users should understand it will send TTS text to Telnyx using their Telnyx API key and that the install/package naming is somewhat inconsistent.

This skill is likely safe for its stated purpose if you want Telnyx as your OpenClaw TTS provider. Before installing, verify the exact npm package/repository, understand that synthesized text will be sent to Telnyx, use a carefully managed TELNYX_API_KEY, and avoid custom base URLs unless you trust the proxy.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:114
Evidence
if (!process.env.WS_NO_BUFFER_UTIL) {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:3817
Evidence
apiKey: [REDACTED](providerConfig, cfg),