Percept Listen

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill has a clear purpose, but it handles always-sensitive ambient conversation transcripts through a public tunnel and persistent searchable storage without documenting authentication, retention, or privacy boundaries.

Install only if you are comfortable creating searchable records of ambient conversations. Verify the Percept package, protect the webhook/tunnel with authentication, tell affected people when listening is active, and set clear rules for stopping, deleting, and reusing transcripts.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misconfigured or unauthenticated webhook could expose private transcripts or allow injected/spoofed conversation data to reach the agent.

Why it was flagged

The skill receives private conversation transcripts over an externally reachable webhook/tunnel, but the artifacts do not mention authentication, signing, origin checks, or access restrictions.

Skill content

Webhook configured: Omi app → Settings → Webhooks → `https://<your-tunnel>/webhook/transcript` ... Configure a tunnel (Cloudflare, ngrok, Tailscale) so Omi can reach your local server.

Recommendation

Use an authenticated tunnel/webhook, restrict origins where possible, require a secret/signature, and do not enable the receiver until access controls are confirmed.

What this means

Private or bystander conversations may remain searchable and available to the agent after the original listening session.

Why it was flagged

The skill creates persistent, searchable memory from ambient conversations, including a live transcript file, without describing retention, deletion, access controls, or limits on later agent use.

Skill content

Conversations are stored in local SQLite with FTS5 full-text search ... SQLite DB: `percept/data/percept.db`; Live transcript: `/tmp/percept-live.txt`; Conversations: `percept/data/conversations/`

Recommendation

Before use, define where transcripts are stored, who/what can read them, how long they are kept, how to delete them, and when the agent may search or reuse them.

What this means

Users may believe the system is fully local and private even though transcripts are transmitted through a webhook/tunnel and processed outside the OpenClaw machine.

Why it was flagged

The privacy claim is ambiguous because the workflow also depends on phone-side transcription and transcript delivery through a tunnel, so users may overestimate the locality and privacy of the data flow.

Skill content

Omi pendant captures audio → phone does STT → sends transcript segments via webhook ... All processing stays local — no audio leaves your machine

Recommendation

Clarify exactly where audio and transcripts are processed, whether any third-party services are involved, and what data passes through the tunnel.

What this means

The actual receiver code that handles sensitive transcripts is not visible in the supplied artifacts.

Why it was flagged

The skill relies on installing and running external Percept code, while the provided package contains no reviewed code files or pinned install specification.

Skill content

pip install getpercept ... PYTHONPATH=. python -m uvicorn src.receiver:app --host 0.0.0.0 --port 8900

Recommendation

Review the Percept package/source, pin trusted versions, and verify the server behavior before routing ambient conversation transcripts to it.