ifly-voiceclone-tts Security Report — Low Risk | ClawSafe

20 /100

ifly-voiceclone-tts

iFlytek Voice Clone tts — train a custom voice model from audio samples and synthesize speech with the cloned voice using iFlytek's Voice Clone API. Pure Python stdlib, no pip dependencies.

Legitimate iFlytek voice cloning skill with no malicious behavior; minor documentation gaps exist between declared allowed tools and actual network/filesystem usage, but all code is clearly tied to documented functionality.

Skill Nameifly-voiceclone-tts

Duration49.0s

Enginepi

✓

Safe to install

Update SKILL.md to formally declare network and filesystem write permissions required for the iFlytek API workflow. Consider adding a small _meta.json with the capability map. No blocking security concerns identified.

Findings 4 items

Severity	Finding	Location
Low	Network access not formally declared in allowed-tools Doc Mismatch SKILL.md declares no allowed-tools, yet the Python script makes HTTP POST requests (urllib.request) and WebSocket connections to three iFlytek domains: opentrain.xfyousheng.com (training API), avatar-hci.xfyousheng.com (auth token), and cn-huabei-1.xf-yun.com (TTS WebSocket). All targets are documented in SKILL.md footnotes, but they are not mapped to allowed-tools. `No allowed-tools declaration present` → Add allowed-tools section to SKILL.md: WebFetch→network:READ, Read→filesystem:READ, Write→filesystem:WRITE	`SKILL.md:1`
Low	Filesystem write not formally declared in allowed-tools Doc Mismatch The script writes synthesized audio (MP3/PCM/etc.) to disk via open(output_path, 'wb'). SKILL.md does not declare filesystem:WRITE. This is necessary behavior but undocumented at the tool-permission level. `with open(output_path, 'wb') as f: f.write(audio_data)` → Declare filesystem:WRITE in allowed-tools mapping or clarify in documentation that output audio is written to disk	`scripts/voiceclone.py:368`
Info	API credentials read from environment — expected and declared Credential Theft The script reads IFLY_APP_ID, IFLY_API_KEY, IFLY_API_SECRET from os.environ. These are sent only to official iFlytek servers as part of normal API authentication. No exfiltration observed. `app_id = os.environ.get('IFLY_APP_ID'); api_key = os.environ.get('IFLY_API_KEY')` → No action needed. This is expected behavior for an API client tool.	`scripts/voiceclone.py:312`
Info	Local audio file read — expected and declared in SKILL.md Sensitive Access The script reads local audio files (wav/mp3/m4a/pcm) for upload to the training API. SKILL.md documents --audio flag. No exfiltration of audio data observed; it is sent only to the official iFlytek training endpoint. `with open(audio_path, 'rb') as f: audio_data = f.read()` → No action needed. This is a core feature of the voice cloning tool.	`scripts/voiceclone.py:337`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	scripts/voiceclone.py:337 — reads local audio files for upload
Filesystem	`NONE`	`WRITE`	✗ Violation	scripts/voiceclone.py:368 — open(output_path, 'wb') writes MP3 audio
Network	`NONE`	`READ`	✗ Violation	scripts/voiceclone.py:50,57,62 — HTTP POSTs and WebSocket connections to iFlytek…
Shell	`NONE`	`NONE`	—	No shell execution detected
Environment	`NONE`	`READ`	✓ Aligned	SKILL.md declares IFLY_APP_ID, IFLY_API_KEY, IFLY_API_SECRET env vars; code read…
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

7 findings

🔗

Medium External URL 外部 URL

https://console.xfyun.cn

SKILL.md:12

🔗

Medium External URL 外部 URL

http://opentrain.xfyousheng.com/voice_train

SKILL.md:128

🔗

Medium External URL 外部 URL

https://www.xfyun.cn/doc/spark/voiceclone.html

SKILL.md:137

🔗

Medium External URL 外部 URL

https://console.xfyun.cn/workorder/commit

SKILL.md:163

🔗

Medium External URL 外部 URL

https://console.xfyun.cn/services/oneSentenceV2

SKILL.md:207

🔗

Medium External URL 外部 URL

https://console.xfyun.cn/sale/buy?wareId=9188&packageId=9188001&serviceName=%E4%B8%80%E5%8F%A5%E8%AF%9D%E5%A4%8D%E5%88%B...

SKILL.md:208

🔗

Medium External URL 外部 URL

http://avatar-hci.xfyousheng.com/aiauth/v1/token

scripts/voiceclone.py:50

File Tree

2 files · 43.6 KB · 1082 lines

Python 1f · 872L Markdown 1f · 210L

├─ ▾ 📁 scripts

│ └─ 🐍 voiceclone.py Python 872L · 32.7 KB

└─ 📝 SKILL.md Markdown 210L · 10.9 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`None (stdlib only)`	`N/A`	Python standard library	No	No pip dependencies — all imports are from the Python standard library (argparse, base64, hashlib, hmac, json, os, ssl, struct, sys, threading, time, urllib.parse, urllib.request, datetime, wsgiref.handlers)

Security Positives

✓ Pure Python stdlib only — no pip dependencies, no third-party packages, minimal supply chain risk

✓ All network targets are officially documented iFlytek endpoints; no rogue IP addresses or unknown domains

✓ No obfuscation techniques detected — code is readable, no base64-encoded payloads executed, no eval()

✓ No credential harvesting beyond what is required for iFlytek API authentication

✓ No sensitive path access (no ~/.ssh, ~/.aws, .env file reading)

✓ No persistence mechanisms (no cron, no startup hooks, no backdoors)

✓ No reverse shell, no C2 communication, no data exfiltration

✓ API keys are sent only to official iFlytek servers via standard HTTP/WebSocket protocols

✓ Well-structured code with clear separation of concerns (TrainClient, VoiceCloneSynthesizer, SimpleWebSocket)

Scan Report

Findings 4 items

File Tree

Dependencies 1 items

Security Positives