← 返回 Skills 市场
voice-output
作者
OlddirtybikerTony
· GitHub ↗
· v1.0.1
· MIT-0
131
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install voice-output
功能描述
Use when Tony says voice reply or asks to speak. Speaks the response aloud via Doubao TTS to MOMAX BS6.
安全使用建议
This skill looks like a legitimate TTS helper but has a few issues you should consider before installing:
- Hard-coded credential: The script contains an ACCESS_TOKEN string and APPID embedded in source. That token could be abused by whoever has it, may consume someone else's quota, or may be invalid. Ask the author to remove embedded secrets and require the user to provide their own token (e.g., via an environment variable) before use. If you install it, treat the embedded token as untrusted and consider rotating your own service credentials if you test it.
- Data sent to external service: All text passed to this skill is transmitted to Doubao/ByteDance's TTS endpoint. Do not send sensitive, private, or regulated data through this skill unless you control the service account and have reviewed privacy/compliance.
- Path and OS assumptions: SKILL.md uses an absolute user path (/Users/tony/...) and the code uses macOS 'afplay'. If you are not on macOS or your skill workspace is elsewhere, update the invocation instructions and the player command.
- Recommended actions before installing: (1) Request that the maintainer replace the hard-coded ACCESS_TOKEN with a requirement to set an env var (and update SKILL.md). (2) Verify who owns the embedded token (if you must use it temporarily) and whether it should be rotated. (3) Run the script in a sandbox or isolated account first and confirm it only sends the expected TTS requests and deletes temp files. (4) If you need cross-platform playback, update the code to detect the OS and choose an appropriate player.
If the maintainer cannot or will not remove the embedded token and document how credentials are set, treat this package as risky and prefer a version that requires user-supplied credentials.
功能分析
Type: OpenClaw Skill
Name: voice-output
Version: 1.0.1
The skill provides text-to-speech functionality by integrating with the Doubao (ByteDance) TTS API and using the macOS 'afplay' utility for audio playback. The implementation in 'voice_speak.py' is functionally sound, employing a PID-based lock file to prevent overlapping audio and safely handling subprocess calls without shell execution. While the bundle contains hardcoded API credentials (APPID and ACCESS_TOKEN) and a user-specific directory path in 'SKILL.md', these appear to be artifacts of a local development environment rather than intentional vulnerabilities or malicious features. The data flow is restricted to the stated purpose of converting text to audio via a legitimate third-party service.
能力评估
Purpose & Capability
The skill's stated purpose (speak responses via Doubao TTS to MOMAX BS6) matches the included code and docs. However, the code embeds an ACCESS_TOKEN and APPID inside the script instead of declaring/asking for credentials via environment variables as the SKILL.md/metadata imply. Embedding an external service token in distributed code is disproportionate and unexpected.
Instruction Scope
SKILL.md instructs calling a hard-coded user-specific path (/Users/tony/.openclaw/...), and the script assumes macOS 'afplay'. The runtime runs network calls to https://openspeech.bytedance.com/api/v1/tts and writes temporary mp3 files and a /tmp lock file. Those operations are consistent with TTS but the absolute path and OS-specific player are brittle and reveal a path- and OS-specific assumption that is not declared in metadata.
Install Mechanism
This is an instruction-only skill with a bundled Python script and no install specification. No additional packages are pulled or arbitrary download URLs used, which keeps install risk low.
Credentials
The package requests no environment variables, yet the script contains a hard-coded ACCESS_TOKEN (token string present) and APPID. This is inconsistent and risky: the token in the package could be leaked, abused, expired, or belong to someone else. Also, SKILL.md mentions Doubao TTS credentials but does not instruct the user to supply or rotate an ACCESS_TOKEN via env vars.
Persistence & Privilege
The skill does not request permanent system presence (always=false), does not modify other skills' configs, and only creates temporary files and a lock file under /tmp. No elevated privileges or persistent system-wide changes are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install voice-output - 安装完成后,直接呼叫该 Skill 的名称或使用
/voice-output触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Fixed YAML frontmatter format, registered to openclaw-managed
v1.0.0
voice-output skill v1.0.0
- Adds voice reply capability using Doubao TTS, played aloud via afplay to MOMAX BS6.
- Triggers on specific phrases (e.g., "语音回复", "voice reply") or explicit requests from Tony; automatically suppresses if Tony asks for text-only.
- Outputs both a detailed written response and a shorter, conversational spoken version.
- Spoken content uses natural, summarized speech rather than reading the written reply verbatim.
- Integrates with Doubao TTS 2.0 API and uses a default, natural-sounding female voice.
元数据
常见问题
voice-output 是什么?
Use when Tony says voice reply or asks to speak. Speaks the response aloud via Doubao TTS to MOMAX BS6. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 131 次。
如何安装 voice-output?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install voice-output」即可一键安装,无需额外配置。
voice-output 是免费的吗?
是的,voice-output 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
voice-output 支持哪些平台?
voice-output 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 voice-output?
由 OlddirtybikerTony(@olddirtybikertony)开发并维护,当前版本 v1.0.1。
推荐 Skills