Qwen3 TTS Instruct
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts look like a normal text-to-speech skill, with user-noticeable items around API key use, external Alibaba Cloud processing, manual dependency installation, and strong “always call” wording.
Before installing, confirm you are comfortable running the manual setup, installing unpinned Python dependencies, providing a DashScope API key, and sending text to Alibaba Cloud for audio generation. Configure the agent to call this skill only when voice output is desired.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant might invoke TTS more often than intended or treat mood/persona guidance as stronger than normal user instructions.
The skill uses system-memory and mandatory tool-use language. It is scoped to voice/TTS behavior, but it could cause an agent to over-prioritize this skill if interpreted too literally.
> **SYSTEM MEMORY UPDATE:** ... **Always Call** - Every voice response MUST call this skill.
Use the skill only when the user wants voice output, and do not let the “SYSTEM MEMORY UPDATE” wording override system, developer, or user instructions.
Using the skill may consume Alibaba Cloud quota or incur charges, and the API key should be treated as a secret.
The skill requires a DashScope API key, which is expected for Alibaba Cloud TTS access but still grants account-backed API use.
metadata: {"openclaw":{"emoji":"🔊"},"requires":{"env":["DASHSCOPE_API_KEY"],"bins":["python3"]},"primaryEnv":"DASHSCOPE_API_KEY"}Provide a least-privileged DashScope key if available, keep it out of logs and shared prompts, and rotate it if exposed.
Future package changes or compromised dependencies could affect the local environment used by the skill.
The setup script installs packages from PyPI without pinned versions or hashes. This is common for a Python integration setup, but it leaves dependency provenance less controlled.
pip install --upgrade pip setuptools wheel ... pip install dashscope ... pip install websocket-client ... pip install soundfile
Prefer pinned dependency versions or a lockfile, and run setup only in the skill’s virtual environment as documented.
Text sent for speech generation may be processed by Alibaba Cloud, so sensitive content could leave the local machine.
The skill is designed to send text to an external Alibaba Cloud DashScope WebSocket endpoint for TTS generation. This is disclosed and purpose-aligned.
**WebSocket Realtime TTS** ... export DASHSCOPE_URL="wss://dashscope.aliyuncs.com/api-ws/v1/realtime"
Avoid sending secrets or highly sensitive text to the TTS provider unless that is acceptable under the provider’s privacy and data-handling terms.