VoiceClaw
PassAudited by ClawScan on May 1, 2026.
Overview
VoiceClaw’s artifacts match its stated local voice transcription and speech-generation purpose, with only normal cautions around local binaries, automatic replies, and manual downloads.
This skill appears safe for its stated purpose if you want local voice transcription and speech replies. Before installing, make sure the local whisper, piper, and ffmpeg binaries come from trusted sources, verify any manually downloaded models or releases, and use it only in chats where automatic voice and text replies are appropriate.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used in a messaging context, the agent may send generated audio and text replies whenever it handles a voice message.
The skill instructs the agent to automatically create and send voice plus text responses for voice inputs. This is aligned with the skill purpose, but users should understand it can cause outbound messages to be sent as part of normal operation.
“Always respond with both a voice reply and a text reply when a voice message is received.” ... “Send voice before text.”
Install only where automatic voice replies are desired, and confirm the surrounding agent or messaging tool has appropriate send permissions and user controls.
The skill will run installed local audio-processing programs on provided audio files.
The script executes local ffmpeg and Whisper binaries. This is central to the stated local transcription purpose and is disclosed, but it means the skill depends on trustworthy local binaries and PATH/env configuration.
ffmpeg -i "$AUDIO_FILE" -ar 16000 -ac 1 "$TMP_WAV" -y -loglevel error "$WHISPER_BIN" -m "$MODEL" "$TMP_WAV"
Use trusted installations of whisper, piper, and ffmpeg, and set WHISPER_BIN/PIPER_BIN explicitly if PATH trust is a concern.
If the external repository or release changes or is compromised, a user following the manual install instructions could install different code than expected.
The README documents manual installation from a live GitHub repository or latest release. This is not automatic runtime behavior, but users are relying on external, unpinned sources when following those setup instructions.
git clone https://github.com/Asif2BD/VoiceClaw.git ~/.openclaw/custom-skills/voiceclaw curl -L https://github.com/Asif2BD/VoiceClaw/releases/latest/download/voiceclaw.skill -o voiceclaw.skill
Prefer trusted release versions, verify checksums or signatures when available, and review downloaded files before installing.