Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Percept Voice Commands

v1.0.0

Detects wake words in speech and routes voice commands like email, text, reminders, search, and notes to OpenClaw agents for execution.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The README-style instructions claim the skill will route voice commands to an OpenClaw CLI and depend on a percept-listen skill, but the skill metadata declares no required binaries, no config paths, and no primary credential. That omission is inconsistent: a runtime that calls an external CLI or reads local percept/data files would normally declare the CLI binary and config paths.
! Instruction Scope
SKILL.md explicitly instructs the agent to read percept/data/contacts.json and percept/data/speakers.json, to consult a dashboard on port 8960, and to dispatch commands to the OpenClaw CLI. Those file/database/dashboard accesses are not declared elsewhere and represent access to potentially sensitive personal data (contacts, speaker IDs) and the ability to execute actions via CLI. The instructions grant broad discretion (two-tier parsing with LLM fallback, general forwarding of 'anything') which could forward arbitrary user input to the agent for execution.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no downloader or install script writing code to disk. That lowers supply-chain risk, but does not remove runtime risks from commands the agent may run based on these instructions.
! Credentials
The skill references local config/data files and a dashboard and requires an OpenClaw CLI, but declares no environment variables, no config paths, and no credentials. In particular, contact and speaker JSON files (sensitive user data) are referenced without any explicit permission or path declaration. The lack of declared credentials for OpenClaw CLI usage is an unexplained gap.
Persistence & Privilege
always is false and the skill does not request forced inclusion or elevated platform privileges. Autonomous invocation is allowed (platform default); combined with the other concerns this increases potential impact but on its own is expected.
What to consider before installing
This skill appears to do what it says (detect wake words and forward commands), but its instructions reference local files (percept/data/contacts.json and speakers.json), a dashboard (port 8960), a database, and an OpenClaw CLI without declaring required binaries, config paths, or any auth details. Before installing, ask the publisher for: (1) the exact CLI binary name and required invocation/authorization (how does the agent authenticate to OpenClaw?); (2) explicit config paths and file permissions for percept/data/*.json and what data will be read or logged; (3) whether any credentials or network endpoints are required and how they are protected; and (4) an authoritative source or homepage (the SKILL.md links a GitHub repo but the registry source is 'unknown'). Restrict the agent’s ability to execute high-risk actions (sending email/SMS, posting to calendars) or require explicit user confirmation for those actions until you’ve validated the integration. If you cannot obtain clear answers or verify the code/source, consider not installing this skill, or running it only in a limited sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.
