Free Girlfriend
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its virtual-companion media-generation purpose, but its setup and configuration instructions include broad local control, risky system changes, unsafe model-loading guidance, and persistent agent-persona changes.
Review the setup steps before installing. Prefer a virtual environment or container, avoid --break-system-packages and --disable-safe-unpickle, do not run remote scripts without reviewing and pinning them, and only edit SOUL.md or IDENTITY.md if you want the agent’s global personality to change beyond this skill.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill is asked to set up or run itself, the agent may have broad local command and file authority rather than only running narrowly defined media-generation commands.
The skill can use an unrestricted shell plus read/write/execute tools. Local command execution is relevant to media generation, but the artifact does not scope the authority to the specific scripts and output paths needed.
allowed-tools: Bash(*) Read Write Exec
Restrict tool use to specific scripts and directories, and require explicit user confirmation for installs, chmod, global file writes, and any non-output-file changes.
Running the installer could change system-level Python packages, break other tools, or install different dependency versions over time.
The installer pulls unpinned packages and uses --break-system-packages, which bypasses Python environment protections and can modify or destabilize the user’s system Python environment.
pip3 install edge-tts --break-system-packages -q ... pip3 install diffusers transformers accelerate safetensors torch --break-system-packages -q ... pip3 install opencv-python --break-system-packages -q
Install in a virtual environment or container, pin dependency versions, and avoid --break-system-packages unless the user explicitly understands and accepts the risk.
Following this setup step could run remote code that was not reviewed with the skill package.
The bundled documentation recommends directly executing a remote script from an unpinned URL, so the executed code can change independently of the reviewed artifact.
bash <(wget -qO- https://raw.githubusercontent.com/Winfredy/OpenTalker/main/scripts/download_models.sh)
Download scripts first, review them, pin to a trusted commit or release, and verify checksums before execution.
If a malicious or tampered model/checkpoint is loaded after this setting, it may be able to execute code on the user’s machine.
The documentation tells users to disable safe unpickle, a protection intended to reduce code-execution risk from unsafe Python pickle/model files.
set COMMANDLINE_ARGS="--disable-safe-unpickle"
Do not disable safe unpickle for untrusted models; prefer safetensors or verified checkpoints from trusted sources.
The agent’s future behavior may be changed across tasks, not just while using this skill.
The skill instructs editing global OpenClaw persona/identity files rather than a skill-scoped configuration file, creating persistent context that may be reused outside the virtual-girlfriend workflow.
编辑 `~/.openclaw/workspace/SOUL.md` 和 `IDENTITY.md` 定制人格。
Keep persona settings skill-scoped, back up existing SOUL.md/IDENTITY.md files, and only modify global identity files with explicit user approval and rollback instructions.
Text used for speech generation may be processed outside the local machine depending on the Edge TTS implementation.
The voice feature uses Edge TTS, an external provider integration. This is expected for the stated voice-generation purpose, but the artifacts do not clearly explain the data boundary for text sent to synthesize speech.
语音聊天(Edge TTS) ... pip3 install edge-tts
Avoid sending private or sensitive text to TTS unless you are comfortable with the provider’s privacy behavior.