Wecom Voice
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its WeCom voice-message purpose, but its script can run unsafe PowerShell/shell commands from message text and may send to a hard-coded default recipient.
Review carefully before installing. Only use it with trusted message text and explicit recipients, and prefer a revised version that safely escapes input, avoids PowerShell ExecutionPolicy Bypass where possible, declares its Windows/FFmpeg/OpenClaw requirements, and confirms the recipient before sending.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed message text could cause commands to run on the user's computer, not just generate speech.
The message text is inserted directly into a generated PowerShell script and then executed with ExecutionPolicy Bypass. A crafted text value containing quotes or PowerShell syntax could break out of the Speak call and run arbitrary local commands.
const text = process.argv[2] || 'hello'; ... $synth.Speak("PLACEHOLDER") ... .replace('PLACEHOLDER', text); ... execSync(`powershell -ExecutionPolicy Bypass -File "${ps1File}"`, { encoding: 'utf8' });
Escape or encode the TTS text safely, avoid generating executable scripts from raw input, and invoke PowerShell with structured arguments or a safer TTS API wrapper.
A voice message could be sent to an unintended WeCom contact, and a crafted target value could affect the shell command.
If no recipient is supplied, the skill sends to the hard-coded user 'FanQi'. The target is also interpolated into a shell command without safe argument handling.
const targetUser = process.argv[3] || 'FanQi'; ... execSync(`openclaw message send -t "${targetUser}" --channel wecom --media "${amrFile}"`, { encoding: 'utf8' });
Require an explicit recipient for every send, confirm the recipient before sending, and call the messaging tool with safe argument arrays rather than shell-interpolated strings.
Messages will be sent as or through the user's configured WeCom account/channel.
The skill sends messages through the user's locally configured OpenClaw WeCom channel, which is expected for the purpose but uses the user's messaging identity.
execSync(`openclaw message send -t "${targetUser}" --channel wecom --media "${amrFile}"`, { encoding: 'utf8' });
Install only if you are comfortable granting the skill access to send WeCom messages, and require explicit user confirmation before sending.
The skill may fail or behave differently depending on locally installed tools and paths, and users may not see the full dependency requirements from metadata alone.
The registry metadata does not declare the runtime requirements, while the skill documentation and code depend on Windows System.Speech, FFmpeg, Node, and OpenClaw CLI behavior.
Required binaries (all must exist): none ... OS restriction: none ... No install spec — this is an instruction-only skill.
Declare Windows as the supported OS and list required binaries/dependencies explicitly, including how FFmpeg and OpenClaw CLI are expected to be installed.
Spoken message contents may remain on disk after sending and could be visible to later local tools or users with filesystem access.
The generated voice media is written into a persistent OpenClaw media directory, and the script only deletes the temporary PowerShell file, not the WAV or AMR files.
const MEDIA_DIR = path.join(USERPROFILE, '.openclaw', 'media', 'inbound'); ... const wavFile = path.join(MEDIA_DIR, `voice-${timestamp}.wav`); const amrFile = path.join(MEDIA_DIR, `voice-${timestamp}.amr`);
Document the retention behavior and optionally delete generated WAV/AMR files after successful sending unless the user asks to keep them.
