← 返回 Skills 市场
1277
总下载
1
收藏
6
当前安装
5
版本数
在 OpenClaw 中安装
/install voice-message
功能描述
Send voice messages across chat channels (Telegram, Discord, Feishu/Lark, Signal, WhatsApp, and others) using edge-tts for text-to-speech and ffmpeg for audi...
安全使用建议
This skill appears to do what it says, but consider these operational cautions before installing: (1) The scripts call external services — edge-tts will send the text you convert to a remote TTS service, and send_feishu_voice.sh calls Feishu APIs — so message contents and tokens travel over the network. (2) Avoid passing long-lived tokens as plain command-line arguments (they can be visible via ps and may be stored in shell history); prefer ephemeral tokens or supplying tokens via a protected environment variable or stdin if you adapt the scripts. (3) Ensure you trust the source (no homepage provided) before running bundled shell scripts; inspect and, if needed, run them in a restricted environment. (4) Confirm required tools (edge-tts, ffmpeg/ffprobe, curl, python3) are installed from official sources. If you want higher assurance, request the skill author to accept tokens via stdin/env and to document any data retention or telemetry from the TTS provider.
功能分析
Type: OpenClaw Skill
Name: voice-message
Version: 1.0.4
The skill bundle is classified as suspicious due to potential command/code injection vulnerabilities in its shell scripts. Specifically, `scripts/send_feishu_voice.sh` embeds shell variables (`$DURATION_SEC`, `$FILE_KEY`, `$RECEIVE_ID`) directly into Python code and JSON strings without robust sanitization, which could lead to injection if an attacker controls these inputs. Similarly, `scripts/gen_voice.sh` passes user-provided text (`$TEXT`) directly to `edge-tts`, posing a potential argument injection risk if `edge-tts` can be manipulated. While these are vulnerabilities that could lead to RCE, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or backdoor installation; network calls are made to the legitimate Feishu API.
能力评估
Purpose & Capability
Name/description (send voice messages via edge-tts + ffmpeg to multiple chat platforms) matches the included scripts and SKILL.md: gen_voice.sh creates OGG/OPUS using edge-tts and ffmpeg, gen_waveform.py computes waveform/duration for Discord, and send_feishu_voice.sh uploads and sends audio via Feishu API. The required tools (edge-tts, ffmpeg/ffprobe, curl, python3) are appropriate and proportionate to the stated purpose.
Instruction Scope
Runtime instructions stay within purpose: they call local conversion tools and platform APIs. Two operational/privacy notes: (1) edge-tts will send text audio requests to an external TTS service (expected but relevant for privacy of message contents); (2) the Feishu tenant_access_token is passed as a CLI argument in send_feishu_voice.sh, which can expose it via process listings or shell history—SKILL.md does not warn about this. The scripts do not read unrelated files or environment variables.
Install Mechanism
This is instruction-only with bundled scripts and no install spec — no downloads or archives are performed by the skill itself. That lowers install-time risk; required third-party tools are standard (edge-tts, ffmpeg).
Credentials
The skill declares no required environment variables or credentials and instead expects tokens/IDs to be provided at runtime (e.g., tenant_access_token argument for Feishu). That is proportionate, but passing secrets on the command line is risky (process-list exposure and shell history). Users should avoid supplying long-lived secrets as plain CLI args and prefer ephemeral tokens or safer injection mechanisms (stdin/env with proper protection).
Persistence & Privilege
The skill does not request persistent/system-wide privileges, does not set always:true, and does not modify other skills or global agent settings. It runs as-needed and requires explicit invocation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install voice-message - 安装完成后,直接呼叫该 Skill 的名称或使用
/voice-message触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
Add Chinese description
v1.0.3
Simplify SKILL.md: remove sensitive API details to pass security scan
v1.0.2
Remove requires.bins gating
v1.0.1
Add dependency declaration for edge-tts, ffmpeg, ffprobe
v1.0.0
Initial release of the voice-message skill.
- Send text as voice messages to Telegram, Discord, Feishu/Lark, Signal, WhatsApp, and more.
- Uses edge-tts for text-to-speech; ffmpeg for audio conversion.
- Includes scripts for generating and sending voice (with special support for Feishu/Lark and Discord voice bubble formats).
- Detailed prerequisites and configuration guidance.
- Explains channel-specific limitations and solutions, especially for Feishu/Lark and Discord.
元数据
常见问题
Voice Message 是什么?
Send voice messages across chat channels (Telegram, Discord, Feishu/Lark, Signal, WhatsApp, and others) using edge-tts for text-to-speech and ffmpeg for audi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1277 次。
如何安装 Voice Message?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install voice-message」即可一键安装,无需额外配置。
Voice Message 是免费的吗?
是的,Voice Message 完全免费(开源免费),可自由下载、安装和使用。
Voice Message 支持哪些平台?
Voice Message 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Voice Message?
由 xmanrui(@xmanrui)开发并维护,当前版本 v1.0.4。
推荐 Skills