
Voice Message

by xmanrui · GitHub ↗ · v1.0.4
cross-platform ⚠ suspicious
Downloads: 1277
Stars: 1
Active Installs: 6
Versions: 5
Install in OpenClaw
/install voice-message
Description
Send voice messages across chat channels (Telegram, Discord, Feishu/Lark, Signal, WhatsApp, and others) using edge-tts for text-to-speech and ffmpeg for audi...
Usage Guidance
This skill appears to do what it says, but consider these operational cautions before installing:
  1. The scripts call external services — edge-tts will send the text you convert to a remote TTS service, and send_feishu_voice.sh calls Feishu APIs — so message contents and tokens travel over the network.
  2. Avoid passing long-lived tokens as plain command-line arguments (they can be visible via ps and may be stored in shell history); prefer ephemeral tokens or supplying tokens via a protected environment variable or stdin if you adapt the scripts.
  3. Ensure you trust the source (no homepage provided) before running bundled shell scripts; inspect and, if needed, run them in a restricted environment.
  4. Confirm required tools (edge-tts, ffmpeg/ffprobe, curl, python3) are installed from official sources.
If you want higher assurance, request the skill author to accept tokens via stdin/env and to document any data retention or telemetry from the TTS provider.
Capability Analysis
Type: OpenClaw Skill
Name: voice-message
Version: 1.0.4
The skill bundle is classified as suspicious due to potential command/code injection vulnerabilities in its shell scripts. Specifically, `scripts/send_feishu_voice.sh` embeds shell variables (`$DURATION_SEC`, `$FILE_KEY`, `$RECEIVE_ID`) directly into Python code and JSON strings without robust sanitization, which could lead to injection if an attacker controls these inputs. Similarly, `scripts/gen_voice.sh` passes user-provided text (`$TEXT`) directly to `edge-tts`, posing a potential argument injection risk if `edge-tts` can be manipulated. While these are vulnerabilities that could lead to RCE, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or backdoor installation; network calls are made to the legitimate Feishu API.
Capability Assessment
Purpose & Capability
Name/description (send voice messages via edge-tts + ffmpeg to multiple chat platforms) matches the included scripts and SKILL.md: gen_voice.sh creates OGG/OPUS using edge-tts and ffmpeg, gen_waveform.py computes waveform/duration for Discord, and send_feishu_voice.sh uploads and sends audio via Feishu API. The required tools (edge-tts, ffmpeg/ffprobe, curl, python3) are appropriate and proportionate to the stated purpose.
Instruction Scope
Runtime instructions stay within purpose: they call local conversion tools and platform APIs. Two operational/privacy notes: (1) edge-tts sends the text to be converted to an external TTS service (expected but relevant for privacy of message contents); (2) the Feishu tenant_access_token is passed as a CLI argument in send_feishu_voice.sh, which can expose it via process listings or shell history; SKILL.md does not warn about this. The scripts do not read unrelated files or environment variables.
Install Mechanism
This is instruction-only with bundled scripts and no install spec — no downloads or archives are performed by the skill itself. That lowers install-time risk; required third-party tools are standard (edge-tts, ffmpeg).
Credentials
The skill declares no required environment variables or credentials and instead expects tokens/IDs to be provided at runtime (e.g., tenant_access_token argument for Feishu). That is proportionate, but passing secrets on the command line is risky (process-list exposure and shell history). Users should avoid supplying long-lived secrets as plain CLI args and prefer ephemeral tokens or safer injection mechanisms (stdin/env with proper protection).
Persistence & Privilege
The skill does not request persistent/system-wide privileges, does not set always:true, and does not modify other skills or global agent settings. It runs as-needed and requires explicit invocation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install voice-message
  3. After installation, invoke the skill by name or use /voice-message
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
Add Chinese description
v1.0.3
Simplify SKILL.md: remove sensitive API details to pass security scan
v1.0.2
Remove requires.bins gating
v1.0.1
Add dependency declaration for edge-tts, ffmpeg, ffprobe
v1.0.0
Initial release of the voice-message skill.
- Send text as voice messages to Telegram, Discord, Feishu/Lark, Signal, WhatsApp, and more.
- Uses edge-tts for text-to-speech; ffmpeg for audio conversion.
- Includes scripts for generating and sending voice (with special support for Feishu/Lark and Discord voice bubble formats).
- Detailed prerequisites and configuration guidance.
- Explains channel-specific limitations and solutions, especially for Feishu/Lark and Discord.
Metadata
Slug voice-message
Version 1.0.4
License
All-time Installs 7
Active Installs 6
Total Versions 5
Frequently Asked Questions

What is Voice Message?

Send voice messages across chat channels (Telegram, Discord, Feishu/Lark, Signal, WhatsApp, and others) using edge-tts for text-to-speech and ffmpeg for audi... It is an AI Agent Skill for Claude Code / OpenClaw, with 1277 downloads so far.

How do I install Voice Message?

Run "/install voice-message" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Voice Message free?

Yes, Voice Message is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Voice Message support?

Voice Message is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Voice Message?

It is built and maintained by xmanrui (@xmanrui); the current version is v1.0.4.
