扫描报告
0 /100
mimo-tts
Generate speech audio (WAV) from text using Xiaomi MiMo TTS (mimo-v2-tts model)
MiMo TTS skill is a straightforward text-to-speech wrapper using only Python standard library, making a single authenticated API call to Xiaomi's service and writing audio output — no suspicious patterns.
可以安装
No action needed. The skill is safe to use as described.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | scripts/tts.py:27 urllib.request.urlopen POST to api.xiaomimimo.com |
| 文件系统 | NONE | WRITE | ✓ 一致 | scripts/tts.py:93 open(args.output, 'wb') — declared in docs as -o output flag |
| 环境变量 | READ | READ | ✓ 一致 | scripts/tts.py:85 os.environ.get('MIMO_API_KEY') — declared in SKILL.md |
| 命令执行 | NONE | NONE | — | No shell execution found |
2 项发现
中危 外部 URL 外部 URL
https://api.xiaomimimo.com SKILL.md:13 中危 外部 URL 外部 URL
https://api.xiaomimimo.com/v1 scripts/tts.py:12 目录结构
2 文件 · 5.5 KB · 167 行 Python 1f · 96L
Markdown 1f · 71L
├─
▾
scripts
│ └─
tts.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ Uses only Python standard library (no third-party dependencies)
✓ API key read from environment variable only, not hardcoded
✓ No subprocess, eval, or shell command execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No base64 decode piped to shell
✓ No data exfiltration or credential harvesting beyond the intended API call
✓ Implementation matches documented behavior exactly