by 安全扫描
OpenClaw
可疑
high confidenceThe documentation promises automatic Pinyin conversion and language segmentation, but the included runtime script does not implement those features and also hardcodes a user-specific path to the edge-tts binary; these inconsistencies make the skill suspicious though not overtly malicious.
评估建议
Things to consider before installing or using this skill:
- Feature mismatch: SKILL.md promises automatic Pinyin conversion and auto-segmentation, but the included script does not implement either. You must supply pre-segmented JSON and already-converted text; do not assume the skill will transcribe/convert Pinyin for you.
- Hardcoded paths: The script calls edge-tts at /home/jackie_chen_phong/.local/bin/edge-tts. That path is user-specific and likely incorrect on your machine. Edit the script...详细分析 ▾
⚠ 用途与能力
SKILL.md advertises automatic Pinyin→Hán tự conversion and automatic language segmentation, but the provided script simply takes pre-segmented JSON and invokes edge-tts for each segment. The registry metadata also lists no required binaries while the README explicitly requires edge-tts and ffmpeg — a mismatch between declared requirements and described/actual needs.
⚠ 指令范围
Runtime instructions ask the user to install edge-tts and ffmpeg and to run the script with a segments JSON; however the doc implies the skill will perform segmentation and Pinyin conversion itself. In reality the script expects the caller to supply segments and text already converted. The script also hardcodes an absolute path to an edge-tts binary (/home/jackie_chen_phong/.local/bin/edge-tts), which is workspace/user-specific and not documented in SKILL.md as a requirement.
✓ 安装机制
No install spec is provided (instruction-only), and the package includes only a small Python script. There are no downloads, no archives to extract, and nothing in the manifest that would write arbitrary code to disk beyond the included script — this is low installation risk.
ℹ 凭证需求
The skill requests no environment variables or credentials, which is proportional. However, the script's hardcoded absolute binary path and the sample output path reference a specific home directory (jackie_chen_phong), which leaks a username and will likely break on other systems; the manifest should have declared edge-tts and ffmpeg as required binaries.
✓ 持久化与权限
The skill does not request persistent or elevated privileges and does not set always:true. It does run local binaries (edge-tts, ffmpeg) when invoked, which is expected for a TTS tool.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/12
Xuất bản chính thức với hướng dẫn cài đặt chi tiết edge-tts và ffmpeg.
● 无害
安装命令
点击复制官方npx clawhub@latest install smart-speak-jaskies
镜像加速npx clawhub@latest install smart-speak-jaskies --registry https://cn.longxiaskill.com 镜像可用
本土化适配说明
Smart Speak Multilingual TTS — 多语TTS 安装说明: 安装命令:npx clawhub@latest install smart-speak-jaskies