
火山引擎豆包语音播客

Name: 火山引擎豆包语音播客
Author: cindypapa

by Cindypapa · GitHub ↗ · v1.1.1 · MIT-0

cross-platform ⚠ suspicious

Downloads: 146

Install in OpenClaw

/install volcano-engine-podcast

Description

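Generates Volcano Engine (火山引擎) Doubao voice podcasts (PodcastTTS). Given topic text as input, it automatically produces a two-speaker, conversational podcast audio file.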

Usage Guidance

What to consider before installing or using this skill:
- Credentials: The code requires a Volcengine appid and access token (SKILL.md references VOLC_APPID and VOLC_ACCESS_TOKEN). The registry metadata does not list these, so assume you must provide them. Only supply keys you control and are comfortable using for TTS calls.
- Hidden config access: scripts/kamei_podcast.py will try to read ~/.openclaw/config.json for credentials. Inspect that file (if present) before running to ensure it doesn't contain unrelated secrets you don't want read by this code.
- File writes & permissions: kamei_podcast.py copies generated audio to /root/.openclaw/media/qqbot/downloads (SEND_DIR). That path requires root permissions and is not documented in SKILL.md. If you run as a non-root user the copy will fail; if you run as root the skill will write into that location. Consider changing SEND_DIR or running in a sandbox/container, and inspect the script before use.
- Hardcoded key: an app_key default (aGjiRDfUWi) is embedded in the code. Confirm whether you should use your own key rather than the default, and avoid relying on embedded/unknown keys.
- Network endpoint: the client connects to wss://openspeech.bytedance.com/api/v3/sami/podcasttts. If you require assurance about what is sent, review the code path that builds headers and payload (headers include your appid/access_key) and consider running it in an environment where you can monitor outbound connections.
- Safety steps: review the files (generate_podcast.py and kamei_podcast.py) locally before running, provide only least-privilege credentials, and run the skill in a sandbox or non-root account. If you want to use it in an automated agent, update SEND_DIR to a safe location and remove or verify any reading of ~/.openclaw/config.json. If source/origin is important, ask the publisher for provenance (homepage, contact) because 'Source: unknown' increases risk.
If you can provide the publisher/source or confirm the intended runtime environment (e.g., OpenClaw agent running as root in a container), I can re-evaluate and raise or lower the confidence accordingly.
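One way to follow the "inspect that file" advice without printing any secrets to the terminal is to list only the key names in the config. The sketch below is a minimal illustration, not part of the skill; the function names `summarize_keys` and `config_key_paths` are hypothetical, and it assumes the file is JSON, as its extension suggests.

```python
import json
from pathlib import Path


def summarize_keys(value, prefix=""):
    """Return dotted key paths found in a parsed JSON value, never the values."""
    paths = []
    if isinstance(value, dict):
        for key, child in value.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            paths.append(path)
            paths.extend(summarize_keys(child, path))
    return paths


def config_key_paths(config_path):
    """List key paths in a JSON config file; returns [] if the file is absent."""
    path = Path(config_path).expanduser()
    if not path.is_file():
        return []
    with path.open(encoding="utf-8") as handle:
        return summarize_keys(json.load(handle))
```

Calling `config_key_paths("~/.openclaw/config.json")` shows which sections exist, so you can judge whether anything beyond the Volcengine entries would be readable by the script.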

Capability Analysis

Type: OpenClaw Skill
Name: volcano-engine-podcast
Version: 1.1.1

The skill bundle is a legitimate implementation for generating AI-powered dual-speaker podcasts using the Volcengine (ByteDance) PodcastTTS API. It includes a robust implementation of a custom binary WebSocket protocol in `protocols.py` and a well-structured generator in `generate_podcast.py`. The integration script `kamei_podcast.py` correctly handles configuration by reading from the standard OpenClaw path (`~/.openclaw/config.json`) and outputs files to a designated media directory for bot delivery. No evidence of data exfiltration, malicious execution, or prompt injection was found.

Capability Tags

requires-oauth-token, requires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

Name/description match the code: the Python client connects to a Volcengine/openspeech WebSocket and streams/merges audio for PodcastTTS. Requiring appid/access_token is appropriate. However, registry metadata declares no required env vars while SKILL.md and code clearly expect VOLC_APPID / VOLC_ACCESS_TOKEN (and optionally VOLC_APP_KEY). That registry omission is an inconsistency that could mislead users about which secrets the skill requires.
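Because the registry metadata does not declare these variables, a quick preflight check can confirm they are set before the skill is invoked. This is a minimal sketch under the assumption that both VOLC_APPID and VOLC_ACCESS_TOKEN must be non-empty; `missing_credentials` is a hypothetical helper, not something the skill ships.

```python
import os

# Names taken from SKILL.md as described above; VOLC_APP_KEY is optional and not checked.
REQUIRED_ENV_VARS = ("VOLC_APPID", "VOLC_ACCESS_TOKEN")


def missing_credentials(env=None):
    """Return the required variable names that are unset or blank in env."""
    env = os.environ if env is None else env
    return [name for name in REQUIRED_ENV_VARS if not env.get(name, "").strip()]
```

An empty list from `missing_credentials()` means both variables are present in the current environment.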

⚠ Instruction Scope

SKILL.md documents env vars and CLI/API usage and is generally scoped to TTS generation. But one bundled script (scripts/kamei_podcast.py) reads a config file at ~/.openclaw/config.json and copies output to a hardcoded SEND_DIR (/root/.openclaw/media/qqbot/downloads). Those file-path interactions are not documented in SKILL.md's '注意事项' (Notes) section and introduce side effects outside the described output_dir (reading user config and writing into a root-owned path). The code also embeds a default app_key in plain text. These behaviors expand scope beyond just calling the remote TTS service.
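If you decide to replace the hardcoded SEND_DIR, one option is to resolve the delivery directory from the environment and fall back to a location under the current user's home. The sketch below is an assumption about how such a change could look, not the script's actual code; the `PODCAST_SEND_DIR` variable, the `podcast_out` default, and both function names are hypothetical.

```python
import os
import shutil
from pathlib import Path

# Hypothetical default; the bundled script hardcodes a path under /root instead.
DEFAULT_SEND_DIR = Path.home() / "podcast_out"


def resolve_send_dir(env=None):
    """Pick the delivery directory from PODCAST_SEND_DIR, else the default."""
    env = os.environ if env is None else env
    return Path(env.get("PODCAST_SEND_DIR") or DEFAULT_SEND_DIR).expanduser()


def deliver_audio(audio_path, send_dir):
    """Copy audio_path into send_dir (created if missing) and return the new path."""
    send_dir = Path(send_dir)
    send_dir.mkdir(parents=True, exist_ok=True)
    return Path(shutil.copy2(audio_path, send_dir))
```

Keeping the directory configurable means the same script can run as a non-root user or inside a container without writing to a root-owned path.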

✓ Install Mechanism

No install spec is present (instruction-only skill plus Python scripts). Nothing is downloaded or executed automatically by an installer, which minimizes supply-chain risk. The skill requires Python packages (websockets, optionally pydub) but those are documented in SKILL.md.
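Since nothing is installed automatically, the Python dependencies have to be present already. A small check like the following can report what is missing before the scripts are run; it is a sketch that assumes the import names match the package names given above (`websockets`, `pydub`), and `missing_packages` is a hypothetical helper.

```python
from importlib.util import find_spec


def missing_packages(required=("websockets",), optional=("pydub",)):
    """Return (missing_required, missing_optional) lists of import names."""
    missing_required = [name for name in required if find_spec(name) is None]
    missing_optional = [name for name in optional if find_spec(name) is None]
    return missing_required, missing_optional
```

A non-empty first list means the client cannot run; a non-empty second list only affects the optional audio handling.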

⚠ Credentials

The skill legitimately needs Volcengine credentials (appid and access token). However, the registry metadata lists no required env vars even though SKILL.md instructs use of VOLC_APPID and VOLC_ACCESS_TOKEN. The code also attempts to read credentials from ~/.openclaw/config.json (key name volc['access_key']) which could expose other local secrets if that file exists. Embedding an app_key default in code is also notable (hardcoded key). Overall the requested/used environment access is proportionate for the TTS task, but the undisclosed config-file access and hardcoded key are unexpected.
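To limit what a script sees from the shared config, it can extract only the Volcengine section and ignore everything else. The sketch below illustrates that idea; the `volc` section name comes from the assessment above, while `load_volc_section` and the assumption that the file is a JSON object are illustrative only.

```python
import json
from pathlib import Path


def load_volc_section(config_path):
    """Return only the 'volc' mapping from a JSON config, or {} if unavailable."""
    path = Path(config_path).expanduser()
    if not path.is_file():
        return {}
    with path.open(encoding="utf-8") as handle:
        config = json.load(handle)
    section = config.get("volc") if isinstance(config, dict) else None
    return dict(section) if isinstance(section, dict) else {}
```

The rest of the file is still parsed in memory, so this narrows what the calling code handles rather than what the process can read; a separate credentials file remains the stricter option.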

ℹ Persistence & Privilege

The skill does not request always:true and does not modify other skills' configurations. However, scripts will read ~/.openclaw/config.json and write copied audio into /root/.openclaw/media/qqbot/downloads — writing into a root path assumes elevated privileges and is an operational concern. This is not an 'always' persistence problem, but it is a side-effect that could fail or cause unexpected file writes when run with different user permissions.
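The permission concern can be checked up front rather than discovered when the copy fails. The following sketch tests whether the current user could write to a target directory, looking at the nearest existing ancestor when the directory has not been created yet; `can_write_to` is a hypothetical helper and the check is advisory, since permissions can change between the check and the write.

```python
import os
from pathlib import Path


def can_write_to(directory):
    """Check write access on directory, or on its nearest existing ancestor."""
    path = Path(directory).expanduser()
    # Walk upward until something exists (stops at the filesystem root).
    while not path.exists() and path != path.parent:
        path = path.parent
    return path.is_dir() and os.access(path, os.W_OK | os.X_OK)
```

For example, `can_write_to("/root/.openclaw/media/qqbot/downloads")` is expected to be false for a typical non-root account, which is the failure mode described above.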

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install volcano-engine-podcast
After installation, invoke the skill by name or use /volcano-engine-podcast
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.1

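v1.1.1 re-release: supports two-speaker conversational podcast generation, including intro music, chunked streaming delivery, resumable generation, and audio post-processing.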

v1.1.0

- Added multi-step user flow: skill now always asks if reference materials are available before generating a podcast.
- Improved podcast generation logic for both cases: with or without provided materials.
- Clearly defined required trigger keywords for easier activation.
- Updated API usage examples and configuration guidelines.
- Outlined output structure and return data details.
- Clarified instructions to always send the final MP3 file to the user.

Metadata

Slug: volcano-engine-podcast

Version: 1.1.1

License: MIT-0

All-time Installs: 0

Active Installs: 0

Total Versions: 2

Frequently Asked Questions

What is 火山引擎豆包语音播客?

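It generates Volcano Engine (火山引擎) Doubao voice podcasts (PodcastTTS): given topic text as input, it automatically produces a two-speaker, conversational podcast audio file. It is an AI Agent Skill for Claude Code / OpenClaw, with 146 downloads so far.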

How do I install 火山引擎豆包语音播客?

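Run "/install volcano-engine-podcast" in the OpenClaw or Claude Code chat to install it in one step. Before using it, you must supply your own Volcengine credentials (VOLC_APPID and VOLC_ACCESS_TOKEN) and have the Python packages listed in SKILL.md available.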

Is 火山引擎豆包语音播客 free?

Yes, 火山引擎豆包语音播客 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 火山引擎豆包语音播客 support?

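火山引擎豆包语音播客 is listed as cross-platform and runs anywhere OpenClaw / Claude Code is available. Note that one bundled script writes to a hardcoded path under /root, so that step may fail outside a root Linux environment.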

Who created 火山引擎豆包语音播客?

It is built and maintained by Cindypapa (@cindypapa); the current version is v1.1.1.
