ClawHub

Zyt TTS

v0.6.0

Use Chanjing TTS API to convert text to speech by listing voices, creating synthesis tasks, and polling task status. This skill reads app_id and secret_key f...

0· 94·0 current·0 all-time
by@zuoyuting214
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Chanjing TTS) match the code and SKILL.md: the skill reads local app_id/secret_key, calls the documented Chanjing endpoints, lists voices, creates tasks, and polls status. Small mismatch: the registry metadata marks CHANJING_CONFIG_DIR and CHANJING_AUTO_OPEN_LOGIN as "required env vars," but in practice both are optional (CHANJING_CONFIG_DIR defaults to ~/.chanjing and CHANJING_AUTO_OPEN_LOGIN controls optional browser behavior).
Instruction Scope
SKILL.md and scripts only instruct the agent to read/write a local credentials file (~/.chanjing/credentials.json), refresh an access_token via the documented API, list voices, create tasks, and poll status. There are no instructions to read unrelated system files, exfiltrate arbitrary data, or call endpoints outside the documented Chanjing domain.
Install Mechanism
This is an instruction-only skill with no install spec and a small Python helper script that uses only the standard library (urllib, json, webbrowser). Nothing is downloaded or executed from an external, untrusted URL.
Credentials
The skill declares CHANJING_CONFIG_DIR and CHANJING_AUTO_OPEN_LOGIN as required env vars in metadata, but the code treats them as optional. The skill does not request API keys via environment variables; instead it reads app_id and secret_key from a local credentials.json file. Requiring the two CHANJING_* env vars in metadata is unnecessary but not malicious.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent configuration. It writes/updates ~/.chanjing/credentials.json and will cache access_token/expire_in there (and attempts to set restrictive file permissions), which is appropriate for a local client that stores credentials.
Assessment
This skill appears to be a straightforward Chanjing TTS client. Before installing, note: (1) you must store your app_id and secret_key in ~/.chanjing/credentials.json (or set CHANJING_CONFIG_DIR to another directory) — the skill will read and cache an access_token there; (2) it may create ~/.chanjing and set file permissions; (3) only set CHANJING_AUTO_OPEN_LOGIN=1 if you want the helper to try opening the login page in your browser; (4) network calls go to open-api.chanjing.cc and https://www.chanjing.cc for login guidance — verify you trust that service and your credentials; and (5) the registry metadata over-declares CHANJING_* env vars as "required" though the scripts treat them as optional. If you are comfortable storing credentials in the local file and trusting the Chanjing endpoints, this skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dws75423zgz2h85cxc5mngs83n9ht

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCHANJING_CONFIG_DIR, CHANJING_AUTO_OPEN_LOGIN

Comments