Qwen3-TTS VoiceDesign
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to be a coherent text-to-speech server/client package, but users should review its external installs, network exposure, and optional auto-start setup.
This skill is reasonable for self-hosted TTS use. Before installing, review the external Python/model downloads, run it in an isolated environment, bind the server to localhost unless remote access is intended, avoid the elevated scheduled-task example, and do not send sensitive text to an untrusted TTS_URL.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing may download and run code from package/model sources outside the skill itself.
Manual setup pulls unpinned packages and model files from external registries. This is disclosed and purpose-aligned, but version/provenance changes can affect the user's environment.
pip install qwen-tts soundfile pydub uvicorn fastapi numpy ... pip install torch --index-url https://download.pytorch.org/whl/cu128 ... snapshot_download('Qwen/Qwen3-TTS-12Hz-1.7B-VoiceDesign')
Run setup in an isolated virtual environment, review package sources, and pin versions if you need reproducible or enterprise-controlled installs.
Other devices on the network could use the TTS server and consume compute resources if the port is reachable.
The API server binds to all interfaces by default and the provided endpoint code does not show authentication or rate limiting. This is coherent for a TTS service, but it can be reachable by other clients if the port is exposed.
HOST = os.environ.get("TTS_HOST", "0.0.0.0") ... @app.post("/tts") ... uvicorn.run(app, host=HOST, port=PORT, log_level="info")
Use TTS_HOST=127.0.0.1 for local-only use, or place the service behind a trusted firewall/reverse proxy if remote access is needed.
Sensitive text could leave the local machine if a remote TTS_URL is used.
The client sends the requested text to the configured TTS server. This is expected for text-to-speech, but if TTS_URL points to a remote or untrusted host, that host receives the text.
curl -s -o "$OUTPUT" -X POST "${TTS_URL}/tts" -H "Content-Type: application/json" -d "$BODY"
Send confidential text only to a trusted self-hosted endpoint, and prefer localhost for private use.
The TTS server may continue consuming resources or remain network-reachable until explicitly stopped.
The documentation describes optional long-running/background and auto-restart modes. These are disclosed and user-directed, but they keep the service running after the initial task.
nohup python tts_server.py > server.log 2>&1 & ... Auto-restart (Windows — scheduled task + guard script) ... Auto-restart (Linux — systemd)
Use auto-restart only when you want a persistent service, and keep the documented stop commands available.
If followed as written, the persistent TTS process could run with elevated local permissions.
The optional Windows scheduled-task example uses highest privileges, which is broader than a TTS server normally needs. It is not automatic, but users should notice the privilege level before using it.
schtasks /create /tn "TTS-Guard" /tr "tts_guard.bat" /sc onlogon /rl highest
Do not use /rl highest unless truly required; run the service as a normal user or a least-privilege service account.
