Back to skill
Skillv0.1.0
VirusTotal security
Voice Listener · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:11 AM
- Hash
- 3582dcd8608ee2bd47cb3bd37c08642d52d4ac21e72397c05e58ce1ad46f704a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voice-listener Version: 0.1.0 The skill bundle implements a voice-to-text assistant using the Baidu Speech API. It is classified as suspicious because it utilizes several high-risk capabilities, including microphone recording (sounddevice), clipboard access (pyperclip), and keyboard simulation (keyboard) to inject recognized text into the active window. While these are necessary for the stated functionality, the direct injection of unsanitized strings from an external API into the keyboard buffer presents a potential risk for accidental command execution. Furthermore, the scripts contain hardcoded local environment paths (e.g., referencing 'C:\Users\11666' in voice_input_baidu_smart.py and skill.json), which is a security anti-pattern, though no evidence of intentional malice or unauthorized data exfiltration was identified.
- External report
- View on VirusTotal