← 返回 Skills 市场

Ressemble TTS e STT

Name: Ressemble TTS e STT
Author: adriano-vr

作者 Adriano-VR · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

591

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ressemble

功能描述

Text-to-Speech and Speech-to-Text integration using Resemble AI HTTP API.

安全使用建议

What to consider before installing: - The skill will send audio and text to Resemble's endpoints and requires your RESEMBLE_API_KEY (the scripts check for it). Do not provide a production key until you review and trust the scripts. - Registry metadata currently omits the RESEMBLE_API_KEY and required binaries (curl, jq, base64). This is likely an oversight but should be corrected — ask the publisher to declare required env vars/binaries in the registry entry. - Review the two shell scripts yourself (they are small): they post to https://app.resemble.ai and https://f.cluster.resemble.ai, poll job status, and write synthesized MP3s to /tmp. Confirm these endpoints are the official Resemble domains you expect. - Be aware that transcripts and audio are uploaded to a third-party service. If you handle sensitive audio, consider using a throwaway or limited-scope API key for testing and rotate the key after exposure. - If you want higher assurance, ask the author to (a) fix the registry metadata to list RESEMBLE_API_KEY and required binaries, (b) provide provenance or homepage, and (c) explain why two different Resemble hosts are used for TTS vs STT. Additional information that would change this assessment: explicit registry metadata declaring the env var and binaries (would raise confidence to benign), or discovery of additional undeclared credentials/endpoints (would raise severity).

功能分析

Type: OpenClaw Skill Name: ressemble Version: 1.0.1 The skill bundle is classified as suspicious due to vulnerabilities in input handling within the shell scripts. Specifically, `scripts/tts.sh` directly interpolates user-provided text and voice UUID into a JSON payload, creating a JSON injection vulnerability if the input contains special characters. Similarly, `scripts/stt.sh` uses the user-provided audio file path directly without explicit sanitization, which could lead to issues if the path contains shell metacharacters. While these are vulnerabilities and not evidence of malicious intent, they represent a risk of unexpected behavior or potential exploitation if the agent provides crafted inputs. The scripts otherwise interact with legitimate Resemble AI API endpoints (`https://app.resemble.ai`, `https://f.cluster.resemble.ai`) for their stated purpose.

能力评估

ℹ Purpose & Capability

The name/description (Resemble TTS & STT) matches the included scripts and docs: both scripts call Resemble API endpoints for transcription and synthesis. Requiring an API key for Resemble is expected. However, the registry metadata lists no required env vars or binaries while the included .md files and scripts require RESEMBLE_API_KEY and binaries (curl, jq, base64). This metadata mismatch is inconsistent.

✓ Instruction Scope

The SKILL.md and the two shell scripts only perform expected actions: upload an audio file for STT, poll for job status, request TTS synth, decode base64 audio to /tmp, and echo outputs. They do not try to read unrelated system files or additional environment variables. They send data to Resemble endpoints and write temporary files under /tmp, which is consistent with the stated purpose.

✓ Install Mechanism

There is no install specification (instruction-only plus included shell scripts). That is low-risk compared with arbitrary downloads. The presence of executable shell scripts means code will run if invoked, but nothing in the repository performs remote code installation.

⚠ Credentials

The scripts and per-command metadata require RESEMBLE_API_KEY and binaries (curl, jq, base64). The registry-level metadata, however, lists no required env vars or binaries. This divergence is concerning because an omitted required credential or binary in registry metadata could cause unexpected runtime prompts or silent failures and hides that the skill needs your API key. RESEMBLE_API_KEY is the only credential the scripts use; otherwise the requested scope is proportional to the functionality.

✓ Persistence & Privilege

The skill is not always-enabled and does not request special persistence or modify other skills. It only writes temporary output files to /tmp when synthesizing audio, which is reasonable for its function.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ressemble
安装完成后，直接呼叫该 Skill 的名称或使用 /ressemble 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Fixed typo in file names: renamed "resemble-stt.md" and "resemble-tts.md" to "ressemble-stt.md" and "ressemble-tts.md" - Added new script files: scripts/stt.sh and scripts/tts.sh for easier command-line usage

v1.0.0

Initial release of the Ressemble skill — Text-to-Speech and Speech-to-Text integration using Resemble AI. - Adds TTS (text-to-speech) via custom voices and MP3/base64 output. - Adds STT (speech-to-text) with async transcription and polling. - Integrates with Resemble AI HTTP API. - Requires RESEMBLE_API_KEY environment variable.

元数据

Slug ressemble

版本 1.0.1

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Ressemble TTS e STT 是什么？

Text-to-Speech and Speech-to-Text integration using Resemble AI HTTP API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 591 次。

如何安装 Ressemble TTS e STT？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ressemble」即可一键安装，无需额外配置。

Ressemble TTS e STT 是免费的吗？

是的，Ressemble TTS e STT 完全免费（开源免费），可自由下载、安装和使用。

Ressemble TTS e STT 支持哪些平台？

Ressemble TTS e STT 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Ressemble TTS e STT？

由 Adriano-VR（@adriano-vr）开发并维护，当前版本 v1.0.1。