Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-voice

v1.0.0

Transcribe audio to text and generate spoken AI responses using Whisper and ElevenLabs via CLI with transcript storage and search.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The package description and SKILL.md claim Whisper STT, ElevenLabs TTS and (in v1.1) Twilio/Claude realtime call handling. The actual code provides CLI DB management, transcript storage, profile management, backups, and file-based interchange generation but contains no code that calls Whisper, ElevenLabs, Twilio, or external LLM APIs. Dependencies in package.json are only better-sqlite3, commander, and uuid. This is a substantive mismatch between claimed capabilities and implemented capabilities.
Instruction Scope (flagged)
SKILL.md and VOICE_CALLING_SPEC.md describe use of child_process wrappers for sox/rec/ffplay, realtime WebSocket media servers, and many cloud API flows; none of those commands/APIs appear in the runtime code. The interchange generator writes .md files into a workspace-level 'interchange/voice' directory (three levels up from src), which will make conversation summaries available to other agents/tools on the same workspace. That file-write behavior is explicit and may expose transcripts or metadata beyond the local DB.
Install Mechanism
No external install script or remote downloads are declared; this is an instruction-plus-code skill that relies on standard npm packages (present in package.json and package-lock). There are no URLs or archive extracts in the install spec. Installing via npm would be the normal way to get native dependencies like better-sqlite3 (which has native build steps).
Credentials
Registry metadata lists no required env vars, but VOICE_CALLING_SPEC.md documents multiple sensitive environment variables (TWILIO_*, ELEVENLABS_API_KEY, ANTHROPIC_API_KEY, etc.) for planned features. The current code does not read those env vars, so requesting none is internally consistent for v1 — but the docs indicate future features that will require many secrets. Also, generateInterchange writes conversation summaries into a shared workspace directory; if you later enable networked TTS/STT or calling features, those transcripts could be shared externally if combined with other skills.
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills. It creates files and directories: data/voice.db, backups/, and workspace-level interchange/voice ops/state files. That gives it persistent disk state and the ability to expose data to other local skills via the interchange files — a functional but noteworthy level of presence.
What to consider before installing
What doesn't add up: the README and SKILL.md promise Whisper/ElevenLabs STT/TTS and a Twilio/real-time calling roadmap, but the shipped code only implements a CLI-backed SQLite transcript/profile manager and an 'interchange' MD generator. Before installing or supplying API keys:

- Ask the author which features are implemented now vs. planned. If you expect live STT/TTS or calling, confirm where that code lives and how it will be executed.
- Treat the interchange/voice directory as potentially public to other local skills: it writes MD summaries into the workspace root. If transcripts are sensitive, run the skill in an isolated workspace or change the output path.
- Don't provide Twilio/ElevenLabs/Anthropic keys until you see explicit code that uses them and you understand where audio/text will be sent and stored.
- If you plan to run npm install, be aware better-sqlite3 has native build steps (normal but requires build tooling).

Given the mismatches, proceed carefully and request clarification from the package owner; the inconsistencies look more like incomplete/unstable engineering than clearly malicious code, but they affect trust and data exposure.
