中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:2 days ago Rescan
15 /100
xeontts
Xeon TTS — 本地语音合成技能,面向 OpenClaw QQBOT 的音色克隆与风格化 TTS 工作流
A legitimate TTS voice-cloning skill with no malicious behavior; base64 decoding is for decoding audio responses, shell scripts handle standard Python/Node environment setup, and model downloads target only HuggingFace. Minor concerns are undocumented shell execution and unpinned Python dependencies.
Skill Namexeontts
Duration40.1s
Enginepi
Safe to install
Document shell execution in SKILL.md and pin Python package versions in setup_env.sh for reproducibility.

Findings 5 items

Severity Finding Location
Low
Shell execution not declared in SKILL.md
SKILL.md does not list any allowed-tools. Multiple scripts (setup_env.sh, install.sh, configure_openclaw_integration.sh) execute shell commands (conda setup, pip install, node config patching) which require shell:WRITE capability.
No allowed-tools section present
→ Add an allowed-tools section declaring Bash for skill execution, Read and Write for filesystem operations, and network access for local Flask TTS.
 SKILL.md:1
Low
Python package version not pinned
setup_env.sh installs xdp-tts-service via pip without a version specifier, relying on XDP_TTS_PIP_SPEC environment variable. This can result in non-deterministic installs.
pip install -q --upgrade "$TTS_PIP_SPEC"
→ Pin to a specific version: pip install -q xdp-tts-service==X.Y.Z
 setup_env.sh:134
Info
Base64 audio decoding is legitimate
The pre-scan flagged Buffer.from(result.audio_base64, 'base64') as critical. This is normal TTS behavior: the Flask service returns audio as base64 and server.js decodes it to write a .wav file. No code obfuscation or suspicious use of base64 is present.
fs.writeFileSync(outputPath, Buffer.from(result.audio_base64, 'base64'))
→ No action needed; this is expected audio handling.
 server.js:513
Info
Miniconda installed to home directory
setup_env.sh downloads and installs Miniconda3 to $HOME/miniconda3. This is standard Python environment management for ML workloads.
wget --timeout=120 -q "$conda_url" -O /tmp/miniconda.sh
→ No action needed; this is standard ML tooling.
 setup_env.sh:110
Info
No sensitive data access or exfiltration
The skill has no code that accesses SSH keys, AWS credentials, .env files, or other sensitive paths. Network calls are limited to localhost (Flask TTS) and HuggingFace (model downloads). No external IP exfiltration.
Full review: no os.environ iteration, no ~/.ssh, no .env access, no curl-to-external-IP
→ No action needed.
 server.js:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned setup_env.sh:1 - writes config files, tts_config.json, runtime dirs
Shell NONE WRITE ✓ Aligned setup_env.sh, install.sh, configure_openclaw_integration.sh - bash scripts insta…
Network READ READ ✓ Aligned server.js:495 - fetch to Flask TTS at 127.0.0.1:5002; setup_env.sh downloads fro…
Environment NONE READ ✓ Aligned setup_env.sh reads BASE_MODEL_PATH, HF_ENDPOINT, etc.
2 Critical 14 findings
🔒
Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(result.audio_base64, 'base64'
server.js:513
🔒
Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(data.audio_base64, 'base64'
server.js:557
🔗
Medium External URL 外部 URL
http://127.0.0.1:5002/api/tts/synthesize
.clawhub.json:13
🔗
Medium External URL 外部 URL
http://127.0.0.1:5002/api/health
README.md:164
🔗
Medium External URL 外部 URL
http://127.0.0.1:9002/health
README.md:194
🔗
Medium External URL 外部 URL
http://127.0.0.1:9002/api/workflow/message
README.md:202
🔗
Medium External URL 外部 URL
http://127.0.0.1:9002/api/workflow/reference-audio
README.md:210
🔗
Medium External URL 外部 URL
http://127.0.0.1:9002/api/tts/custom-speak
README.md:227
🔗
Medium External URL 外部 URL
http://127.0.0.1:9002
SKILL.md:119
🔗
Medium External URL 外部 URL
https://paulmillr.com/funding/
package-lock.json:27
🔗
Medium External URL 外部 URL
https://ko-fi.com/tunnckoCore/commissions
package-lock.json:69
🔗
Medium External URL 外部 URL
http://127.0.0.1
server.js:685
🔗
Medium External URL 外部 URL
https://hf-mirror.com
setup_env.sh:4
🔗
Medium External URL 外部 URL
https://repo.anaconda.com/miniconda/Miniconda3-py310_23.11.0-2-Linux-x86_64.sh
setup_env.sh:110

File Tree

17 files · 71.5 KB · 2183 lines
JavaScript 1f · 824L Shell 8f · 733L Markdown 2f · 434L JSON 6f · 192L
├─ 📋 _meta.json JSON 6L · 127 B
├─ 📋 .clawhub.json JSON 27L · 1010 B
├─ 📋 config.example.json JSON 21L · 698 B
├─ 🔧 configure_openclaw_integration.sh Shell 81L · 2.4 KB
├─ 🔧 install_systemd_services.sh Shell 62L · 1.8 KB
├─ 🔧 install.sh Shell 54L · 1.3 KB
├─ 📋 package-lock.json JSON 88L · 2.8 KB
├─ 📋 package.json JSON 22L · 690 B
├─ 📝 README.md Markdown 270L · 8.7 KB
├─ 🔧 self_check.sh Shell 86L · 3.1 KB
├─ 📜 server.js JavaScript 824L · 29.0 KB
├─ 🔧 setup_env.sh Shell 338L · 10.7 KB
├─ 📝 SKILL.md Markdown 164L · 5.1 KB
├─ 🔧 start_all.sh Shell 48L · 1.3 KB
├─ 🔧 start_tts_service.sh Shell 45L · 1.4 KB
├─ 🔧 stop_tts.sh Shell 19L · 509 B
└─ 📋 tts_config.example.json JSON 28L · 988 B

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
xdp-tts-service * (unpinned) pip No Package version controlled by XDP_TTS_PIP_SPEC env var; not pinned
formidable ^3.5.4 npm No Used for multipart file upload parsing in server.js

Security Positives

✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or environment variable iteration for secrets
✓ No data exfiltration — no POST to external IPs, no encoded network beacons
✓ No reverse shell or remote code execution vectors
✓ No hidden HTML comments or steganographic payloads
✓ No eval(), Function(), or dynamic code generation
✓ Base64 usage is exclusively for legitimate audio decode (Flask TTS returns base64-encoded WAV)
✓ Local network calls restricted to 127.0.0.1 (Flask TTS service)
✓ Config backup created before modification (configure_openclaw_integration.sh)
✓ File retention auto-cleanup prevents unbounded disk growth
✓ Explicit STT guard prevents misuse of TTS skill for ASR workloads