Back to skill
Skillv1.0.4
VirusTotal security
Pronunciation Coach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:12 AM
- Hash
- 1033eef3083d707dabdcd5e6b732c1419f73f9e2640e32ab2763269137082c21
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: pronunciation-coach Version: 1.0.4 The skill is benign, transparently declaring its purpose to analyze audio using Azure Speech Services. It explicitly requests read access to `~/.openclaw/media/inbound/` and network access to `*.stt.speech.microsoft.com` in `skill.json`. The `pronunciation-assess.sh` script demonstrates good security practices by implementing checks against filename option injection (`case "$AUDIO_FILE" in -*)`, `ffmpeg -i -- "$AUDIO_FILE"`) and sanitizing the `REFERENCE_TEXT` to prevent JSON injection before sending it to Azure. The `SKILL.md` instructions guide the agent to perform its stated function without any evidence of prompt injection attempts to subvert its behavior or access unauthorized data.
- External report
- View on VirusTotal