ClawHub

TopMediai TTS

v1.0.0

TopMediai text-to-speech skill. Supports key entitlement info, voices listing (official + cloned), and text-to-speech generation.

2· 140·0 current·0 all-time
by@topmediai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: it lists voices, checks API key entitlement, and posts text to TopMediai's /v1/text2speech. Required items (TOPMEDIAI_API_KEY and optional TOPMEDIAI_BASE_URL) are appropriate for this purpose.
Instruction Scope
SKILL.md and plugin.json instruct the agent to run the included Python scripts, read an .env in the skill root for TOPMEDIAI_API_KEY, and call the documented TopMediai endpoints only. There are no instructions to read unrelated files, other credentials, or to exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec; the package is delivered as code files with a minimal requirements.txt (requests, python-dotenv). There are no external downloads or archive extraction steps in the skill itself.
Credentials
The only required secret is TOPMEDIAI_API_KEY (plus an optional TOPMEDIAI_BASE_URL and debug flag). The code only accesses the skill's .env and standard environment variables; no unrelated credentials or system config paths are requested.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent settings. It only reads a .env in its own directory and runs as a local process from the workspace.
Assessment
This skill appears to be what it claims: a thin Python client that sends your text and speaker choices to TopMediai's API. Before installing: (1) Verify you trust the TopMediai service and that sending your text/audio data to that API is acceptable (the skill transmits the text to api.topmediai.com by default). (2) Provide a dedicated API key with minimal permissions if possible. (3) Inspect the included scripts yourself (they are small and readable) before placing your real key in .env. (4) Avoid enabling TOPMEDIAI_DEBUG in production — debug prints partial key metadata to stdout. (5) Ensure you install dependencies (requests, python-dotenv) in a controlled environment. If you want extra assurance, replace TOPMEDIAI_BASE_URL with a verified official endpoint or proxy that you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ektq9m9qvydw8rasecyjqx831bfr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments