Back to skill
Skillv1.0.0
VirusTotal security
Voice2text · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:51 AM
- Hash
- f607501cf85c39ae7fd1096786092053f1ad1e8b4a09da3f62c578ea663ed7e4
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: voice2text Version: 1.0.0 The skill bundle implements an offline speech-to-text function using the Vosk library. Its core functionality involves opening a user-provided audio file path (`audio_path`) using `wave.open()` in `main.py`. While user-controlled file paths can be a vulnerability, the `wave.open()` function is specific to WAV files and is highly unlikely to successfully open and parse arbitrary non-WAV files (e.g., `/etc/passwd`) to leak their content; it would typically raise an error. There is no evidence of intentional malicious behavior such as data exfiltration, command execution, persistence, or prompt injection attempts against the AI agent. The file access is inherent to the skill's stated purpose, and the specific library function used mitigates the risk of arbitrary file reads.
- External report
- View on VirusTotal