Skill v1.0.3
ClawScan security
iMessage Voice Reply · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 27, 2026, 5:55 AM)
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's files, runtime instructions, and required resources are consistent with its stated purpose of generating and sending iMessage-style voice replies using local Kokoro TTS.
- Guidance
- This skill appears coherent and matches its description, but review these practical points before installing:
  1. setup.sh will pip install kokoro-onnx (and deps) from PyPI and will cause Kokoro to download ~136MB of models into ~/.cache/kokoro-onnx; expect network activity and disk usage.
  2. Confirm you trust the kokoro-onnx PyPI package and its model source (audit upstream if needed).
  3. The script uses tempfile.mktemp (potential race-condition/insecure temp path pattern); not an immediate red flag but worth noting if you run in multi-user environments.
  4. On non-macOS the setup requires ffmpeg; on macOS it uses afconvert.
  5. The skill does not request credentials, but it uses your configured BlueBubbles channel to send attachments; ensure BlueBubbles is configured and trusted.
  If you want extra safety, run setup in an isolated environment (container or VM) and inspect/verify the kokoro-onnx package and downloaded model files before use.
Review Dimensions
- Purpose & Capability
- ok: Name/description (iMessage voice replies) align with included scripts and instructions: a local Kokoro TTS pipeline, audio encoding (afconvert/ffmpeg), and use of a BlueBubbles channel to send the resulting CAF/Opus payload. No unrelated services, credentials, or binaries are requested.
- Instruction Scope
- note: SKILL.md stays on-task: it instructs setup (venv and pip install), model download to ~/.cache/kokoro-onnx, generating audio with the Python script, and sending via BlueBubbles. It does require network access during pip install and model download; the instructions do not attempt to read unrelated system configuration or secrets. The doc correctly warns about shell escaping and recommends --text-file for untrusted input.
- Install Mechanism
- note: There is no packaged install spec, but setup.sh runs python3 -m venv and pip installs kokoro-onnx, soundfile, and numpy from PyPI. This is a standard mechanism but does involve pulling code and (indirectly) models from the network; kokoro-onnx appears to fetch models when instantiated. No arbitrary URL downloads or archive extraction from unknown hosts are present in the repo files.
- Credentials
- ok: The skill requests no environment variables or credentials. It expects an existing BlueBubbles channel configured in OpenClaw to send the message (that is reasonable and proportional). The scripts write to the user's home cache (~/.cache/kokoro-onnx) and /tmp, which is expected for local model storage and temp audio files.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills, and only installs a venv under the skill directory and model files under the user's cache. It runs only when invoked by the user/agent (default behavior).
