Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Voice Sending (edge)

v1.0.1

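Feishu voice message sender. Built on Edge TTS, it converts text to speech and sends it to Feishu in one step.
Use cases:
- Send voice notifications/reminders to Feishu
- Automatic text-to-speech announcements
Trigger words: 飞书语音 (Feishu voice), 语音发送 (send voice), tts, 文字转语音 (text to speech)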

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code matches the stated purpose: it uses edge-tts to synthesize audio, converts to OPUS and sends via an OpenClaw 'openclaw message send --channel feishu' command. However the package/registry metadata claims no required binaries or env vars while the runtime clearly depends on the 'openclaw' CLI and optionally reads FEISHU_CHAT_ID / OC_CHAT_ID from the environment. That omission is an inconsistency but not direct evidence of malicious intent.
! Instruction Scope
SKILL.md and README instruct installing edge-tts and ffmpeg and running the script, which is expected. But the script references environment variables (FEISHU_CHAT_ID, OC_CHAT_ID) and writes media files into ~/.openclaw/media/outbound and invokes the 'openclaw' CLI — none of these dependencies or side-effects are declared in the registry metadata. The instructions do not document the 'openclaw' CLI requirement or the exact environment variables used, which grants the skill implicit access to agent messaging functionality and local file paths.
Install Mechanism
There is no automated install spec (instruction-only). SKILL.md asks users to pip install edge-tts and apt-get ffmpeg, which is reasonable for the described functionality. No downloads from untrusted URLs or automatic archive extraction are present in the skill bundle.
! Credentials
Registry metadata lists no required environment variables, but the script reads FEISHU_CHAT_ID and OC_CHAT_ID if target is unspecified. It also relies on the 'openclaw' CLI for sending messages, which in turn will use whatever credentials the OpenClaw environment has. The skill does not ask for Feishu tokens explicitly (which is proportionate), but the undeclared environment/CLI dependency is a mismatch that could surprise users who haven't authorized OpenClaw to send messages.
Persistence & Privilege
The skill is not always:true and does not modify other skills or global agent configuration. It writes temporary files to /tmp and copies media into ~/.openclaw/media/outbound (its own media area) — expected for a media-sending utility but worth noting.
What to consider before installing
What to check before installing:
- Confirm you have and trust the 'openclaw' CLI: the script invokes 'openclaw message send --channel feishu' and relies on that CLI's authentication to actually post messages.
- Be aware the script reads FEISHU_CHAT_ID and OC_CHAT_ID environment variables when no target is provided; these are not declared in the registry metadata. If you don't want automatic replies, avoid setting those or run with --target.
- It requires edge-tts (network calls to Microsoft TTS) and FFmpeg for format conversion; review whether you accept those network calls and third-party packages.
- The skill writes temp files in /tmp and copies OPUS files to ~/.openclaw/media/outbound. Verify that directory and file access is acceptable and that no sensitive files are present there.
- Because the metadata omits the 'openclaw' dependency and env vars, review the included script (scripts/voice_sender.py) yourself or run it in an isolated/test environment first. If you need higher assurance, request the author to document required binaries and environment variables explicitly or to avoid implicit reliance on global CLI credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9782aek68ypfh683rp5307d3d82ms6z
359 downloads
0 stars
2 versions
Updated 6h ago
v1.0.1
MIT-0

Feishu Voice Sender

A minimal Edge TTS voice-sending tool: generate speech and send it to Feishu in one step.

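Features

  • 🎙️ Single provider: Edge TTS (free, high quality)
  • 🎭 Multiple voices: xiaoxiao, yunyang, yunxi, and more
  • 🔄 Automatic format conversion: audio is converted to Feishu's OPUS format
  • 📱 One-step sending: the audio is sent to Feishu right after it is generated

Install dependencies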

pip install edge-tts
sudo apt-get install ffmpeg

Quick start

cd ~/.openclaw/skills/feishu-voice-sender/scripts

# Default voice (xiaoxiao, warm female voice)
python3 voice_sender.py "你好老大,任务已完成"

# Specify a voice
python3 voice_sender.py "系统告警" yunyang

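Voice list

| Voice | Gender | Style | Recommended use |
|---|---|---|---|
| xiaoxiao | | Warm, professional | ⭐ Everyday work |
| yunyang | | Professional, reliable | Formal notifications |
| yunxi | | Lively, sunny | Light content |
| xiaoyi | | Lively, cartoon-like | Fun content |
| yunjian | | News broadcast | Urgent notifications |
| xiaobei | | Liaoning dialect | Humorous dialect |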

Usage examples

# Daily report
python3 voice_sender.py "老大,今日数据已更新"

# Urgent notification
python3 voice_sender.py "系统告警,服务器异常" yunjian

File structure

feishu-voice-sender/
├── SKILL.md
└── scripts/
    └── voice_sender.py   # minimal version, single file

Minimal Edge TTS Feishu voice sender
