Listen

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: listen
Version: 1.0.0

The skill bundle's purpose is to improve transcription accuracy by learning from user corrections and configuring Speech-to-Text (STT) settings. All instructions within `SKILL.md`, `config.md`, and `criteria.md` are aligned with this stated purpose. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, or persistence mechanisms. While `config.md` references API keys for STT providers, it does so in the context of guiding the agent to help the user with configuration, not for unauthorized access or theft.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Incorrect or sensitive correction entries could affect future transcriptions or reveal user-specific vocabulary if the skill file is shared.

Why it was flagged

The skill is designed to persist learned corrections and context, which is purpose-aligned but means user-specific names, terms, or correction patterns may be reused later.

Skill content

This skill auto-evolves. Track transcription errors and learn corrections.

Recommendation

Review the Corrections, Patterns, Context, and Never sections periodically and avoid storing confidential terms unless needed.

What this means

Changing STT settings may switch the provider used for future audio transcription, with possible privacy, accuracy, or cost effects.

Why it was flagged

The skill documents a configuration-changing gateway operation; this fits the stated STT setup purpose, but it can affect future transcription behavior.

Skill content

Use gateway config.patch to update STT settings.

Recommendation

Confirm the selected provider and settings before applying configuration patches.

What this means

A real API key could authorize use of the user's provider account and may incur usage or expose audio to that provider.

Why it was flagged

The skill includes examples for provider API keys, which is expected for Groq/OpenAI STT setup but still involves account credentials.

Skill content

groq:
  apiKey: "gsk_..."
...
openai:
  apiKey: "sk-..."

Recommendation

Use scoped provider keys where available, store them only in trusted configuration locations, and choose the local provider if offline privacy is required.