Speak

Security checks across malware telemetry and agentic risk

Overview

This is a small, instruction-only TTS preference skill with disclosed, purpose-aligned behavior and no executable or hidden components.

Install this if you want OpenClaw to manage TTS settings and remember concise speaking preferences. Before using paid providers, review any API key configuration and auto-speaking mode, and periodically check the Voice, Style, Spoken Text, and Avoid sections for preferences you did not intend to keep.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill says it 'auto-evolves' and should learn how the user wants to be spoken to, but it does not define when this behavior should activate, what signals are in scope, or what boundaries apply. That ambiguity can cause unintended persistence of inferred preferences or adaptation from unrelated user content, leading to privacy issues and behavior drift in a user-facing voice channel.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The instruction to 'mirror user's communication style' is underspecified and lacks constraints around language, tone, safety boundaries, and protected characteristics. In a TTS context, this can lead the agent to imitate abusive, manipulative, offensive, or inappropriate speech patterns and to infer sensitive traits from user language without consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal