Percept Voice Commands
WarnAudited by ClawScan on May 10, 2026.
Overview
This voice-control skill is coherent, but it would let ambient wake-word speech trigger broad agent actions like emails, texts, calendar operations, and general OpenClaw commands without clearly documented confirmation or scope limits.
Only install this if you are comfortable with voice commands triggering real agent actions. Before enabling it, verify speaker authorization, disable or restrict the general '[anything]' forwarding path, require confirmations for messages and calendar/account changes, and check how Percept stores or deletes transcript logs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misheard, accidental, or maliciously spoken command from an approved speaker could cause the agent to perform broad actions, including external communications or other agent tasks.
The skill describes forwarding arbitrary voice commands to the OpenClaw CLI for execution, including broad general commands, without documenting confirmation gates or action limits.
General | "Hey Jarvis, [anything]" → forwarded to OpenClaw ... Command dispatched to OpenClaw CLI for execution
Require explicit confirmation for emails, texts, calendar changes, purchases, file changes, or other high-impact actions; restrict the general forwarding path; and document clear allowlists and refusal rules.
Voice commands may act through your email, messaging, calendar, notes, or other connected accounts using whatever permissions your agent already has.
These actions may use the user's existing OpenClaw integrations and account privileges. That is aligned with the stated purpose, but users should understand the delegated authority involved.
Supports email, text, reminders, search, calendar, notes, and custom commands.
Limit connected account scopes where possible and use per-action confirmations for account-changing or externally visible actions.
Private conversations, names, contacts, or sensitive dictated content could be buffered or logged in ways the user may not expect.
The skill processes ambient speech and logs unapproved speakers, but the artifact does not explain transcript/log retention, storage scope, redaction, or reuse boundaries.
Percept buffers incoming transcript segments ... Unapproved speakers are logged but commands are not executed.
Document what speech data is stored, where it is stored, how long it is retained, how to delete it, and whether sensitive commands are redacted before logging or agent forwarding.
The actual wake-word detection, speaker authorization, and command dispatch behavior depends on components outside this skill artifact.
The reviewed artifact is instruction-only and relies on external runtime components not included in this review. This is disclosed, but users cannot verify the enforcement behavior from this artifact alone.
Requirements: percept-listen skill installed and running; OpenClaw agent accessible via CLI
Install only trusted versions of percept-listen, Percept, and the OpenClaw CLI, and review their permissions and logs before enabling always-listening command execution.