Skill v1.5.3
ClawScan security
Clack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 9:53 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and required credentials are coherent with a self-hosted voice-relay server for OpenClaw; it requests root privileges and installs system components as expected but you should review the setup script and repo before installing on a sensitive host.
- Guidance: This skill appears to be what it claims: a self-hosted voice relay that integrates STT/TTS providers and the OpenClaw gateway. Before installing: (1) verify the upstream repository/author (SKILL metadata lists a GitHub URL in docs but the registry Source is 'unknown'); (2) audit scripts/setup.sh and the generated systemd service to see exactly what files and env vars will be written (it will store provider keys in config.json and put a service file under /etc/systemd); (3) be aware it requires sudo to install packages (apt, Tailscale, Caddy) and will modify network-facing config (reverse proxy, firewall suggestions) — consider installing in an isolated VM or container if you don't want system-wide changes; (4) ensure config.json and service files contain only keys you expect and that config.json has restrictive permissions (chmod 600); (5) if you rely on a private OpenClaw gateway, confirm enabling chatCompletions is acceptable. If you want more assurance, provide the full setup.sh/service file contents and I can point to the exact lines where keys are written, commands that contact external hosts, and the systemd unit that will be created.
Review Dimensions
- Purpose & Capability (ok): Name/description match the files and instructions: the skill implements a WebSocket voice relay, needs an OpenClaw gateway token and a local relay auth token, and requires python3/systemctl to create a systemd service. Optional provider API keys (ElevenLabs/OpenAI/Deepgram) are present in code and documented as optional. Nothing requested appears unrelated to a voice relay.
- Instruction Scope (note): SKILL.md and scripts instruct the agent to read the user's OpenClaw config (~/.openclaw/openclaw.json), prompt for and persist provider keys into config.json, modify the gateway config (enable chatCompletions) if requested, install system packages (Tailscale/Caddy), and create a systemd service. These are in-scope for a server setup but are privileged operations that modify local system and gateway configuration — review them before running.
- Install Mechanism (note): This is an instruction-and-script skill (no centralized install spec). setup.sh runs apt installs and curls to add official APT sources (Tailscale, and likely Caddy via cloudsmith). The script uses known package hosts (pkgs.tailscale.com, cloudsmith) rather than opaque shorteners, which is typical but still a non-trivial change to the system. Expect packages and service files to be created under /etc and /usr/local.
- Credentials (ok): Declared required env variables (OPENCLAW_GATEWAY_TOKEN, RELAY_AUTH_TOKEN) match the functionality: gateway bearer token for LLM routing and a relay auth token for client authentication. Provider API keys are referenced in code but are optional and appear only to enable STT/TTS providers. No unrelated credentials are requested.
- Persistence & Privilege (note): The skill requires and uses root/sudo during setup to install packages, create a systemd service (/etc/systemd/system/clack.service), add CLI symlink, and alter reverse proxy configs (Caddy). always:false (not force-included). These privileges are expected for a long-running server but give the skill system-wide presence — review service files and created configs before trusting.
