
Talking Circle

Author: Rai220 · GitHub · v1.0.0
darwin, linux · ⚠ suspicious
Total downloads: 373
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw
/install talking-circle
Description
Create animated talking-circle videos (Telegram-style round video messages) from avatar frame images and audio. Supports audio-to-video and text-to-video via...
Security usage recommendations
This skill appears to implement what it claims, but review these points before installing or giving API keys:
- TLS verification disabled: the SaluteSpeech script calls Sber endpoints with requests(..., verify=False) and suppresses warnings. That weakens transport security and could allow man‑in‑the‑middle interception of your SALUTE_SPEECH_AUTH. Consider removing verify=False or only using trusted networks, or avoid using the Salute option if you must not risk exposing credentials.
- API keys and privacy: ElevenLabs and SaluteSpeech keys (and any image/TTS service you use) are sent to third‑party services. Do not supply keys you cannot revoke; avoid uploading private avatar images to external image APIs if you need privacy.
- Local installs: the skill will create a virtualenv under /tmp and pip-install numpy/pillow/requests from the included requirements.txt. Inspect requirements.txt and the repository before running if you are cautious.
- Logs and artifacts: the scripts write build logs (out.build.log) and temporary files. Inspect logs if builds fail because they may include error messages from remote services.
- If you are concerned about privacy or supply of secrets, run the scripts locally in an isolated environment (VM or container), or use Mode 1 (audio-to-video) with locally generated audio so you do not need to provide remote TTS credentials.
If you want, I can point out the exact lines where verify=False is used and suggest a minimal patch to enable certificate verification.
Functional analysis
Type: OpenClaw Skill
Name: talking-circle
Version: 1.0.0
The skill is classified as suspicious due to a critical vulnerability: the `scripts/make_salute_text_to_video.py` script disables SSL certificate verification (`verify=False`) for API calls to SaluteSpeech (Sberbank) endpoints. This exposes sensitive credentials (`SALUTE_SPEECH_AUTH`) and data to potential Man-in-the-Middle (MITM) attacks. While the code's primary purpose is benign (video generation), this security flaw could lead to unauthorized access or data interception. Other `subprocess.run` calls appear to be safely constructed, and prompt injection risks against the image generation AI are a concern for the broader system rather than direct malicious intent within this skill's instructions.
Capability assessment
Purpose & Capability
Name/description, CLI examples, and included scripts all implement creating talking‑circle videos from 4 avatar frames plus audio and/or TTS. Required binaries (python3, ffmpeg) and the declared primary credential (ELEVENLABS_API_KEY) are appropriate for the described functionality.
Instruction Scope
Runtime instructions and scripts stay within the stated purpose (audio analysis, frame compositing, calling TTS APIs). The SKILL.md and README explicitly encourage using external image/TTS services (DALL‑E, Midjourney, OpenAI, Google/Polly/Azure), which implies uploading avatar images and text to third‑party APIs — a privacy consideration. The SaluteSpeech script disables TLS verification (requests verify=False) and suppresses warnings, which weakens transport security and should be reviewed.
Install Mechanism
There is no remote install spec; the skill auto-creates a local virtualenv (/tmp/talking-circle-venv) and pip-installs the small requirements.txt from the repository. No external binary downloads or obscure URLs are used. Creating a venv and installing packages is expected for Python tools, though it writes files under /tmp which persist across runs.
Credentials
The primary credential ELEVENLABS_API_KEY matches the ElevenLabs TTS usage. The SKILL.md/scripts also accept SALUTE_SPEECH_AUTH (Base64 client_id:client_secret) as an optional alternative but that env var was not listed in the registry 'required env' field — a minor metadata mismatch. No unrelated credentials or excessive secrets are requested.
Persistence & Privilege
The skill does not request elevated system privileges, does not set always:true, and does not alter other skills. It creates a persistent venv at /tmp/talking-circle-venv and writes build logs next to output files (out.build.log) — normal for a CLI tool but something to note for disk footprint and potential log contents.
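How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install talking-circle
  3. Once installation completes, invoke the Skill by name or trigger it with /talking-circle
  4. Provide the required inputs as described by the Skill's parameters to get structured output
Version history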
v1.0.0
Initial release of talking-circle: animate circular avatar videos from audio and frame images.
- Create Telegram-style talking-circle (round) video messages from four avatar images and audio, with lip-sync and blink.
- Supports audio-to-video and text-to-video workflows.
- Text-to-video mode supports ElevenLabs or SaluteSpeech (Sber) TTS; also works with audio from any TTS engine.
- Detailed instructions for frame preparation, TTS setup, and usage examples provided.
- No API key needed if providing your own audio file.
Metadata
Slug talking-circle
Version 1.0.0
License
Total installs 0
Current installs 0
Historical versions 1
FAQ

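What is Talking Circle?

Create animated talking-circle videos (Telegram-style round video messages) from avatar frame images and audio. Supports audio-to-video and text-to-video via... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 373 total downloads to date.

How do I install Talking Circle?

Run the command "/install talking-circle" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Talking Circle free?

Yes, Talking Circle is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Talking Circle support?

Talking Circle is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who developed Talking Circle?

Developed and maintained by Rai220 (@rai220); the current version is v1.0.0.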
