Clonev

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: clonev
Version: 1.0.0

The skill is classified as suspicious due to its reliance on powerful system commands and file system interactions, despite being plausibly needed for its stated purpose. The `scripts/clonev.sh` file executes `docker run` and `ffmpeg`, and performs a `cp` operation on a user-provided voice sample path, which could be abused to copy arbitrary files if the agent is tricked. While the `SKILL.md` instructions strongly guide the AI agent to use the script and avoid direct Docker interaction, these directives themselves are a form of prompt injection to ensure a specific execution flow involving these risky capabilities. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, but the potential for misuse of these powerful commands warrants a 'suspicious' classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could generate speech that appears to come from a real person who did not consent.

Why it was flagged

The primary description frames cloning other people's or celebrity voices as an intended use, which can create audio that listeners may trust as authentic.

Skill content

Clone their voice or someone else's voice... Works with: Any voice! Yours, a celebrity, a character, etc.

Recommendation

Use only with explicit consent, add clear labeling/watermarking guidance, and require the agent to verify consent before cloning a third party's voice.

What this means

Cloned voice audio could be sent externally before the user reviews the exact file, recipient, or impersonation risk.

Why it was flagged

The quick-reference workflow makes sending the generated cloned voice to Telegram part of the agent action sequence, without a separate confirmation or recipient-scoping step.

Skill content

→ Run: VOICE=$(...clonev.sh "hello" "/path/to/sample.wav" en)
→ Send: message action=send channel=telegram asVoice=true filePath="$VOICE"

Recommendation

Default to saving the generated audio locally and require explicit user approval, destination, and context before sending it through any messaging channel.

What this means

Sensitive voice samples may remain on disk and could be reused in later runs or confused with another person's sample by filename collision.

Why it was flagged

The script copies the user-provided voice sample into a persistent hard-coded directory and does not delete it; if a filename already exists, it reuses the old copy instead of the current file.

Skill content

if [ ! -f "${COQUI_DIR}/voice-samples/${SAMPLE_BASENAME}" ]; then
    cp "$VOICE_SAMPLE" "${COQUI_DIR}/voice-samples/"
fi

Recommendation

Use per-run temporary sample paths, clean up voice samples by default, avoid basename reuse, and clearly disclose any retention option to the user.

What this means

Future runs may execute different container code than the code reviewed here.

Why it was flagged

The skill runs an external Docker image tagged latest, so the executed runtime can change over time; this is purpose-aligned for XTTS but should be pinned and disclosed.

Skill content

docker run --rm --entrypoint "" ... ghcr.io/coqui-ai/tts:latest ...

Recommendation

Pin the container image by version or digest and declare Docker, ffmpeg, model download size, and trusted image provenance in the install requirements.