Skill v1.0.0
ClawScan security
IceCube Voice Clone · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 18, 2026, 5:10 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is largely a coherent how-to for voice cloning, but it references provider APIs and local scripts that aren't declared or included and doesn't explicitly declare how/when API keys would be used — these inconsistencies deserve caution before installing or granting credentials.
- Guidance: This appears to be a legitimate voice-cloning guide rather than hidden malware, but take these precautions before using it:
  - The SKILL.md references scripts and sample files that are not included; ask the author for the missing files or clarify whether those are just planned artifacts. Do not assume absent scripts will be created automatically.
  - The guide shows API examples requiring provider keys (e.g., xi-api-key). Confirm how the agent will request/store those keys and never paste keys into an untrusted prompt or public channel. Prefer using provider-side secret storage if available.
  - Be mindful of legal/ethical risk: only clone voices you own or have explicit permission to use. Platforms may have policies or require consent.
  - Because the skill is instruction-only, it cannot itself execute code until the agent (or you) acts on its instructions — review any commands it suggests executing locally before running them.

  If you plan to integrate this skill into an agent workflow, ask the maintainer to (1) include the referenced scripts or remove them from the manifest, (2) declare any expected environment variables or credential handling, and (3) document how credentials are requested and where audio samples are stored.
Review Dimensions
- Purpose & Capability (note): The name and description match the SKILL.md content: it's a guide for voice-cloning using ElevenLabs, Fish Audio, Resemble AI, and open-source SoVITS. However, the document lists a file structure with scripts and sample audio that are not present in the package manifest, which is an inconsistency between claimed deliverables and what's actually provided.
- Instruction Scope (ok): Runtime instructions are instructional only (how to upload audio, call provider APIs, deploy GPT-SoVITS). The SKILL.md does not instruct reading unrelated system files or harvesting credentials from the environment. It includes example API calls (with placeholders for API keys) but does not autonomously direct the agent to exfiltrate data.
- Install Mechanism (ok): There is no install spec and no code files beyond SKILL.md, so nothing will be written to disk by an installer. This is low-risk from an installation perspective.
- Credentials (note): The skill declares no required environment variables or credentials, yet the instructions show API usage (e.g., xi-api-key for ElevenLabs). Requesting API keys at runtime would be proportionate to the described functionality, but the skill does not state how keys are provided or stored — check whether the agent will prompt for/require keys and how they are handled. Also note that voice-cloning inherently requires sensitive audio data and provider tokens; ensure you only provide credentials for services you trust.
- Persistence & Privilege (ok): The skill is not set to always: true and does not request persistent presence or elevated agent privileges. It does mention integrating with an existing ElevenLabs skill but does not indicate modifying other skills or global agent configuration.
