voice-minimax
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured incorrectly, generated audio could be sent through the wrong Feishu bot or to the wrong Feishu user.
The skill requires a provider API key and Feishu bot authority to send to a configured recipient. This is expected for the stated purpose, but it is sensitive delegated access and the default recipient should be changed or confirmed.
`你的MiniMax API Key` → 你的 MiniMax API Key; `飞书用户ID` → 飞书用户 open_id(默认:ou_c1e599d5838a3f2ab8c4dbc40b709cf2) ... lark-cli --as bot im +messages-send
Use least-privilege Feishu bot credentials, store the MiniMax key in a secret or environment variable rather than inline shell history, and verify the recipient open_id before sending.
Running the workflow will create or overwrite local audio files and send a message via Feishu.
The skill documents shell-based API calls, audio conversion, file writes, and message sending. These tools are central to the voice-generation workflow, but they have real side effects.
python3 -c "... urllib.request.urlopen(req) ..." ... ffmpeg -i /tmp/voice.mp3 ... /tmp/voice.opus -y ... lark-cli --as bot im +messages-send
Run only after checking the text, output path, and recipient; consider using unique temporary filenames to avoid overwriting existing files.
The skill may fail or behave unexpectedly if python3, ffmpeg, lark-cli, MiniMax credentials, or Feishu bot configuration are not already available.
The registry metadata does not declare the local tools or credential expectations that SKILL.md describes. This appears to be an incomplete packaging/metadata declaration rather than hidden code.
Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none
Declare required binaries and credentials in metadata, or document setup steps clearly before installation.
Text and generated audio may be processed by MiniMax and delivered through Feishu.
The user-provided text is sent to MiniMax for synthesis, and generated audio is sent to Feishu. These external transfers are disclosed and purpose-aligned.
'https://api.minimaxi.com/v1/t2a_v2' ... lark-cli --as bot im +messages-send --msg-type audio --audio ./voice.opus
Avoid sending sensitive or regulated text unless MiniMax and Feishu use is approved for that data.