← Back to Skills Marketplace
115
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-feishu-voice-free
Description
OpenClaw 飞书语音聊天技能,基于本地 Qwen3-TTS 和 Whisper,实现离线多语言语音识别与合成,无需云端API。
Usage Guidance
Do not blindly copy or overwrite system OpenClaw config files or use the provided openclaw.json without review—it contains Feishu appId/appSecret values and a gateway token. Treat those as sensitive: remove or replace them with your own credentials. If you want strictly offline operation, avoid using the --remote option in scripts/tools/tts-base.py and ensure QWEN_TTS_REMOTE is unset. When starting the servers, prefer binding to localhost (127.0.0.1) rather than 0.0.0.0 to avoid exposing endpoints to the network, and run services under a non-root account. Review setup.sh and pip requirements before running (pip installs execute code). Only download models from official sources you trust, and verify any embedded credentials are not active. If you’re unsure, run the skill in an isolated VM or container first and audit network traffic to confirm no unexpected outbound connections.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-feishu-voice-free
Version: 1.0.0
The skill bundle provides legitimate offline voice-to-text and text-to-speech services using Whisper and Qwen3-TTS; however, it is classified as suspicious due to the inclusion of a highly sensitive configuration file (openclaw.json) containing plaintext Feishu appSecrets, appIds, and a gateway authentication token. Additionally, the tool integration relies on executing shell commands via 'bash -c' with curl, which presents a risk of command injection if input parameters like 'MediaPath' are not strictly sanitized by the host environment. The servers also bind to all network interfaces (0.0.0.0) by default in scripts like tts-base-server-openai.py and whisper-server.py, potentially exposing the local model services to the network without authentication.
Capability Assessment
Purpose & Capability
The package implements local Whisper ASR and Qwen3-TTS servers and an installation script which is coherent with the described offline voice skill. However the bundle includes an openclaw.json containing Feishu appId/appSecret entries and a gateway token, which are unrelated to delivering local TTS/ASR functionality and unnecessary for the skill itself. Shipping sample/real channel credentials inside the skill is unexpected and potentially dangerous.
Instruction Scope
SKILL.md directs copying files into OpenClaw, running setup.sh, adding entries to /root/.openclaw/openclaw.json, starting long‑running HTTP servers, and optionally creating systemd services. The codebase is largely offline-capable, but the tts-base.py tool explicitly supports a --remote mode (and posts base64-encoded reference audio to arbitrary URLs), which contradicts the 'completely offline' claim and creates a possible exfiltration vector. The servers bind to 0.0.0.0 by default (exposing services network-wide) unless the operator restricts it.
Install Mechanism
There is no platform install spec, but setup.sh will create a venv and pip-install dependencies (torch, qwen-tts, transformers, pydub, etc.). This is expected for model-serving code; it is moderate risk (pip installs run arbitrary code) but not unusual for this type of skill. No downloads from obscure URLs are performed by the script itself (model downloads are delegated to huggingface-cli or snapshot_download).
Credentials
The skill declares no required env vars, yet code and docs reference environment variables (e.g., QWEN_TTS_REMOTE, QWEN_TTS_LANGUAGE) and the distributed openclaw.json contains what look like real credentials and a gateway token for Feishu and OpenClaw. Those credentials are not justified by the skill's purpose and could allow unauthorized access if they are active credentials or if the file is copied into a global config. The skill also instructs editing /root/.openclaw/openclaw.json — risk of accidentally overwriting or merging secrets.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. However the README and SKILL.md encourage creating systemd services to run the servers as root and restarting the OpenClaw gateway, which gives persistent network-exposed processes. Combined with the embedded gateway token and channel credentials, this increases the operational blast radius if those items are active or misused.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-feishu-voice-free - After installation, invoke the skill by name or use
/openclaw-feishu-voice-free - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial Release
Metadata
Frequently Asked Questions
What is openclaw-feishu-voice-free?
OpenClaw 飞书语音聊天技能,基于本地 Qwen3-TTS 和 Whisper,实现离线多语言语音识别与合成,无需云端API。 It is an AI Agent Skill for Claude Code / OpenClaw, with 115 downloads so far.
How do I install openclaw-feishu-voice-free?
Run "/install openclaw-feishu-voice-free" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is openclaw-feishu-voice-free free?
Yes, openclaw-feishu-voice-free is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does openclaw-feishu-voice-free support?
openclaw-feishu-voice-free is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created openclaw-feishu-voice-free?
It is built and maintained by Shuai Shi (@shuaishi1991); the current version is v1.0.0.
More Skills