Feishu Voice Clone TTS Skill
v1.0.0Convert text to speech using Volcengine TTS with preset or cloned voices and send audio messages to Feishu chats or groups.
⭐ 1· 297·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The script's behavior (call Volcengine TTS, convert with ffmpeg/ffprobe, upload to Feishu) matches the skill description. However the registry metadata lists no required environment variables or binaries while the SKILL.md and code do require FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_CHAT_ID, VOLC_API_KEY, VOLC_VOICE_TYPE and the ffmpeg/ffprobe binaries — this metadata omission is inconsistent and worth noting.
Instruction Scope
Runtime instructions and code limit actions to: calling Volcengine TTS API, converting audio locally with ffmpeg/ffprobe, obtaining a Feishu tenant token, uploading the resulting audio file, and sending a message. The SKILL.md documents these steps. The code does optionally read a local config file (~/.volcengine_key) as an alternative API-key source — this is documented in README but is an extra local file access to be aware of.
Install Mechanism
There is no install script or external download; the skill is delivered as source files. That reduces supply-chain risk. It does require system binaries (ffmpeg, ffprobe) and Python 'requests' at runtime; those prerequisites are mentioned in README but were not reflected in the registry's required-binaries field.
Credentials
The environment variables requested by the script (Feishu App ID/Secret, Feishu chat id, Volcengine API key and voice id) are appropriate and necessary for the described functionality. The script also supports reading ~/.volcengine_key for the Volcengine key — this config path was not declared in the registry metadata and gives the skill access to a home-directory file, which you should verify you want it to read.
Persistence & Privilege
The skill is not force-enabled (always:false), does not persist or modify other skills or system-wide settings, and only runs on explicit invocation. It exchanges credentials with the Feishu/Volcengine APIs as expected and uses temporary files for audio data.
What to consider before installing
This skill's code is coherent with its description, but the package/registry metadata omits required environment variables and binaries. Before installing: (1) Verify you trust the source — the author field/homepage are empty. (2) Provide dedicated Feishu and Volcengine credentials with minimal permissions (use a test app/service account), and do not reuse high-privilege secrets. (3) Ensure ffmpeg/ffprobe are installed in a controlled environment. (4) Be aware the script will read ~/.volcengine_key if present; remove or inspect that file if you don't want it used. (5) Review the code yourself (it is short and readable) or run it in an isolated container/VM. If you proceed, avoid giving production credentials until you’re comfortable; rotate them if you tested with real secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk97ckgvk25s716gwk1ft87csbs82ddam
License
MIT-0
Free to use, modify, and redistribute. No attribution required.