Skill v1.0.0
ClawScan security
智能配音合成虾 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 21, 2026, 8:18 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill generally does what its description says (text → TTS) but has inconsistent metadata and instructions that could leak secrets (echoing env vars) and mentions services (Azure) not implemented in the code. Review before installing or supplying API keys.
- Guidance: This skill appears to implement TTS via ElevenLabs and OpenAI, but there are a few red flags you should consider before installing or supplying API keys:
  - Metadata vs. reality: The registry metadata lists no required environment variables, but the included script requires ELEVENLABS_API_KEY and OPENAI_API_KEY. Confirm with the author or expect to provide those keys.
  - Azure mismatch: SKILL.md mentions Azure credentials, but the script does not implement Azure TTS. Ask the maintainer for clarification if you need Azure support.
  - Secret exposure: SKILL.md shows examples that echo environment variables (e.g., `echo "ElevenLabs: $ELEVENLABS_API_KEY"`). Avoid executing such commands in shared or logged environments, since they may expose your API keys in logs. Instead, verify keys privately or use secure tooling to manage secrets.
  - Dependency installation: The instructions tell you to `pip install` packages and `brew install ffmpeg`. Only install these in a trusted/isolated environment (virtualenv/container) to limit risk.
  - Voice cloning / copyright: The skill notes that voice cloning requires authorization. Do not pass audio samples or use someone else's voice without consent.
  - Suggested actions before use: inspect the code (you already have synthesize-voice.py), run it in an isolated environment, provide API keys with least-privilege credentials or test keys, and request that the publisher update the skill metadata to list required env vars and clarify Azure support.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose is text → TTS using ElevenLabs/OpenAI/Azure/system TTS, which matches the included synthesize-voice.py for ElevenLabs and OpenAI; however, the registry metadata declares no required env vars or credentials, while both SKILL.md and the script expect ELEVENLABS_API_KEY and OPENAI_API_KEY (SKILL.md also lists AZURE_SPEECH_KEY and region, but the script does not implement Azure). This mismatch between claimed requirements and actual code is incoherent.
- Instruction Scope (note): SKILL.md provides a clear TTS workflow and example commands that invoke scripts/synthesize-voice.py and post-processing. However, the docs demonstrate running `echo "ElevenLabs: $ELEVENLABS_API_KEY"`, which would print API keys to stdout/logs (a potential secret-leak risk). The instructions ask the agent to read script files and write output audio files (expected), and there are no instructions to exfiltrate data to unexpected endpoints. The guide suggests installing dependencies via pip/brew, but there is no install spec in the metadata.
- Install Mechanism (ok): There is no automated install spec (instruction-only plus a Python script). That is the lower-risk model because nothing is automatically downloaded or executed during install. SKILL.md suggests pip/brew commands for dependencies, which is expected for a Python-based TTS script but will run arbitrary package installs if followed by a user.
- Credentials (concern): The package metadata declares no required environment variables, but the script reads ELEVENLABS_API_KEY and OPENAI_API_KEY from the environment, and SKILL.md also references AZURE_SPEECH_* keys. Requiring API keys for the listed TTS services is reasonable, but the omission from metadata is inconsistent, and the SKILL.md example of echoing env vars risks exposing secrets. There are no other unnecessary credentials requested.
- Persistence & Privilege (ok): The skill does not request privileged persistence (always: false) and does not modify other skills or system-wide configs. It only runs as a normal user CLI script and writes generated audio files to the working directory.
