Scan Report
0 /100
local-tts-workflow
OpenClaw text-to-speech workflow for an OpenAI-compatible TTS server, including remote/self-hosted deployments such as vLLM Omni
This is a purely documentation-based TTS workflow skill with no executable code, only showing curl examples for a local TTS server on 127.0.0.1.
Safe to install
No action needed. This skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md:54-57 - Documents reading ~/.openclaw/openclaw.json for configuration e… |
| Network | READ | READ | ✓ Aligned | SKILL.md:59-100 - Documents curl commands to localhost TTS server endpoints |
| Shell | NONE | NONE | — | No shell scripts or code files present; only documentation examples |
5 findings
Medium External URL 外部 URL
http://127.0.0.1:8000/v1 SKILL.md:12 Medium External URL 外部 URL
http://127.0.0.1:8000/health SKILL.md:59 Medium External URL 外部 URL
http://127.0.0.1:8000/v1/models SKILL.md:60 Medium External URL 外部 URL
http://127.0.0.1:8000/v1/audio/speech SKILL.md:80 Medium External URL 外部 URL
http://127.0.0.1:8000/v1/audio/voice_consents references/tts-api.md:26 File Tree
2 files · 16.7 KB · 571 lines Markdown 2f · 571L
├─
▾
references
│ └─
tts-api.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code or scripts
✓ All network requests target localhost (127.0.0.1:8000) only
✓ Well-structured documentation covering TTS workflow, modes, and API usage
✓ No credential harvesting, data exfiltration, or remote execution patterns
✓ No sensitive path access (SSH, AWS, .env) detected
✓ No external IP addresses or C2 infrastructure indicators
✓ No base64-encoded payloads or obfuscated code
✓ Clear, legitimate purpose for TTS server debugging and configuration