Openclaw Feishu Optimizer

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive voice messages may be transmitted to Google for transcription when this feature is used.

Why it was flagged

The speech-recognition code sends recorded audio data to Google Speech Recognition. This is expected for the advertised transcription feature, but it means voice-message contents may be processed by an external provider.

Skill content

text = r.recognize_google(audio, language=language)

Recommendation

Avoid using the transcription command on highly sensitive audio unless you are comfortable with that audio being processed by the external speech-recognition provider.

What this means

Installing dependencies may fetch whatever current package versions are available from the package index or mirror.

Why it was flagged

The skill asks the user to install unpinned Python packages. These dependencies are directly related to audio transcription, but unpinned package installation carries normal supply-chain and reproducibility risk.

Skill content

pip3 install SpeechRecognition pydub

Recommendation

Install dependencies from a trusted package source and consider pinning versions if you need reproducible or controlled deployments.