Back to skill
Skillv0.1.0
ClawScan security
Voice Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 11, 2026, 9:12 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to implement the claimed voice assistant functionality, but the registry metadata misstates what credentials/env are required (and primaryEnv is set to a provider name rather than a secret), so the manifest and runtime behavior are inconsistent — review before installing.
- Guidance
- This package implements the described voice pipeline and will stream your microphone audio and transcripts to third-party STT/TTS services (Deepgram and/or ElevenLabs) and to whatever OpenClaw gateway URL you provide. Before installing: 1) Be aware you must supply API keys (DEEPGRAM_API_KEY and/or ELEVENLABS_API_KEY) and your OPENCLAW_GATEWAY_URL/OPENCLAW_MODEL — the registry metadata does NOT list these, so the manifest is misleading. 2) Only install if you trust the skill author and the third-party providers; audio and transcripts will leave your machine. 3) Inspect scripts/server.py locally (already included) and run it in a limited environment (local machine or sandbox) before granting broader access. 4) If you don’t want to expose real data, test with dummy keys and a local gateway first. 5) Consider updating the manifest to correctly declare required secrets (primaryEnv should reference the actual API key variable) or ask the publisher for clarification.
Review Dimensions
- Purpose & Capability
- concernThe code and SKILL.md implement a real-time STT→LLM→TTS voice pipeline (Deepgram/ElevenLabs + OpenClaw gateway), which matches the name/description. However the registry metadata is inconsistent: it declares no required env vars and lists VOICE_STT_PROVIDER as the primary credential, but the server actually expects and uses sensitive API keys (DEEPGRAM_API_KEY, ELEVENLABS_API_KEY) plus OPENCLAW_GATEWAY_URL/OPENCLAW_MODEL. The primaryEnv should point at a secret like DEEPGRAM_API_KEY/ELEVENLABS_API_KEY (not the provider selector). This mismatch is disproportionate and confusing.
- Instruction Scope
- okSKILL.md provides concrete runtime instructions (copy .env.example to .env, fill in API keys, run uv run scripts/server.py, open browser). The runtime instructions and server code only reference expected files (.env) and the OpenClaw gateway; they stream microphone audio to configured STT/TTS providers and the OpenClaw gateway as described. There are no instructions to read unrelated system files or exfiltrate secrets beyond the STT/TTS and gateway endpoints.
- Install Mechanism
- okInstall spec is a single brew formula 'uv' which is a standard package-manager install path (lower risk). The skill includes Python code and a pyproject.toml declaring normal Python dependencies (fastapi, uvicorn, httpx, websockets). No arbitrary downloads, URL shorteners, or extracted remote archives are present in the provided install spec.
- Credentials
- concernThe skill requires multiple sensitive environment variables at runtime (DEEPGRAM_API_KEY, ELEVENLABS_API_KEY, OPENCLAW_GATEWAY_URL, OPENCLAW_MODEL) but the registry metadata lists no required env vars and sets primaryEnv to VOICE_STT_PROVIDER (a non-secret). This is misleading: users will need to supply API keys for third-party STT/TTS providers and a gateway URL, but the manifest does not declare them. Requesting multiple third-party API keys is reasonable for a voice skill, but the metadata/manifest should reflect that clearly.
- Persistence & Privilege
- okThe skill does not request always:true and does not modify other skills or system-wide settings. It runs as a local server and uses normal network connections to STT/TTS providers and the OpenClaw gateway. Autonomous invocation remains possible (platform default) but is not combined with unusual privileges here.