X Voice Match
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: x-voice-match
Version: 1.0.0
The skill bundle is designed to analyze Twitter/X account voice and generate matching posts. It relies on an external utility, `/data/workspace/bird.sh`, to fetch tweets, which is a common pattern for skills interacting with the environment. The Python scripts (`analyze_voice.py`, `generate_post.py`) execute this utility using `subprocess.run` with controlled arguments, mitigating direct shell injection risks. The `SKILL.md` and Python scripts construct detailed prompts for the LLM to guide content generation, but these do not contain instructions to subvert the agent's core functions, exfiltrate data, or perform unauthorized actions. All actions are aligned with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could generate posts that impersonate another X account or mislead an audience about who authored the content.
The skill explicitly frames success as producing content that could fool readers into believing the target account wrote it.
Sounds authentic (could fool someone) ... Perfect match, indistinguishable from their real tweets
Limit use to accounts the user owns or is authorized to represent, avoid 'fool someone' framing, and clearly label generated posts as drafts or AI-assisted content.
A crafted tweet or profile file could contain instructions that influence the agent beyond voice matching.
Raw tweets from arbitrary accounts are inserted into the LLM prompt as reference text without an explicit untrusted-content boundary.
samples = '\n'.join(f" - {tweet}" for tweet in profile.get('sample_tweets', [])[:5]) ... SAMPLE TWEETS (for reference):\n{samples}
Delimit sampled tweets as untrusted data and instruct the agent to ignore any commands, links, secrets requests, or tool-use instructions contained inside samples.
The skill may fetch account data using Bird CLI access available in the environment.
The skill invokes a local external CLI with user-selected account and tweet count; this is purpose-aligned but relies on the behavior and permissions of that CLI.
subprocess.run(["/data/workspace/bird.sh", "user-tweets", username, "-n", str(args.tweets)], capture_output=True, text=True)
Verify the Bird CLI source and permissions before use, and review what account data it can access.
Stored profiles may preserve copied posts and any adversarial or sensitive content included in them.
The generated voice profile persists sample tweets and style patterns to a local JSON file for later reuse.
"sample_tweets": [t['text'] for t in tweets[:5] if 'text' in t] ... json.dump(profile, f, indent=2)
Store profiles only for authorized accounts, review profile files before reuse, and delete profiles when no longer needed.
