      Safety Report

      Local Voice (FluidAudio TTS/STT)

      @TrondW

      Local text-to-speech (TTS) and speech-to-text (STT) using FluidAudio on Apple Silicon. Sub-second voice synthesis and transcription running entirely on-device via the Apple Neural Engine. Use when setting up local voice capabilities, voice assistant integration, or replacing cloud TTS/STT services.

      1,058 Downloads
      1 Installs
      0 Stars
      2 Versions
      API Integration 13,230 · Video & Audio 6,897 · CLI & Shell Tools 4,287 · Cloud Storage 3,478

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill generally matches a local TTS/STT daemon, but there are several inconsistencies (most importantly a claim of “100% local” while the STT code downloads models at runtime) and a few sloppy mismatches in the install/run instructions that you should review before installing.

      Feb 11, 2026 · 6 files · 3 concerns

      Purpose & Capability: note

      Name/description, source files, and dependencies (FluidAudio, Hummingbird) align with a local TTS/STT daemon for Apple Silicon. However the SKILL.md repeatedly claims “100% local / no cloud,” while the STT code calls AsrModels.downloadAndLoad(version: .v3) at runtime — implying models may be fetched from the network. That contradiction is important for privacy/offline guarantees.

      Instruction Scope: note

      Runtime instructions focus on building, installing, and running a local daemon and include example curl/JS integration; they do not request unrelated files or credentials. Issues: mismatched LaunchAgent names and references (SKILL.md shows com.stella.tts/plist but scripts/setup.sh creates and loads com.stella.voice.plist; helper script references com.stella.tts), which could confuse users and lead to accidental misconfiguration. The instructions create a persistent user LaunchAgent with KeepAlive=true and place binaries/logs under user home directories.

      Install Mechanism: ok

      No packaged install in the registry (instruction-only) and the provided source builds from a Swift Package that pulls FluidAudio and Hummingbird from GitHub — this is expected for a compiled Swift daemon. There are no arbitrary URL downloads in the repo itself. Note: runtime model downloading (AsrModels.downloadAndLoad) is performed by the library at startup and is not part of the registry install spec.

      Credentials: ok

      The skill declares no required env vars or credentials and the code does not request secrets. The LaunchAgent sets HOME in EnvironmentVariables (setup script). No unexplained credential or config access is requested.

      Persistence & Privilege: concern

      The setup creates a user LaunchAgent (keeps the daemon running, RunAtLoad + KeepAlive) and copies a binary into ~/clawd/bin, so the service will persist across logins. While not an OS-level privileged install, persistent background services increase blast radius (especially combined with runtime model downloads). The skill is not marked always:true in the registry, but the service will auto-start on the user account.

      Guidance

      This package appears to be a legitimate local TTS/STT daemon, but check these before installing:

      1) Offline claim: verify whether AsrModels.downloadAndLoad and KokoroTtsManager.initialize fetch models from the network and which hosts they contact — if you need truly offline operation, test in an isolated network or inspect FluidAudio sources.
      2) LaunchAgent mismatch: SKILL.md, setup.sh, and the helper script use different plist names (com.stella.tts vs com.stella.voice); decide which to use and inspect the plist before loading.
      3) Persistent service: the setup creates a KeepAlive LaunchAgent and log files under your home directory; ensure you’re comfortable with a background process auto-starting.
      4) Build from source and inspect the FluidAudio package sources (or vendor models) to confirm model origin and license.
      5) If privacy is a concern, run the setup in a controlled environment (VM or isolated account) and monitor outbound network connections during first startup to confirm no unexpected exfiltration.

      If you want, I can list the exact places in the FluidAudio package where model download endpoints are defined (you would need to provide or point me at that repository URL).

      Latest Release

      v1.0.1

      Minor documentation update

      Published by @TrondW on ClawHub