ClawHub

VoiceMonkey

v1.0.0

Control Alexa devices via VoiceMonkey API v2 - make announcements, trigger routines, start flows, and display media.

1· 1.8k·0 current·0 all-time
by@jayakumark
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (VoiceMonkey control of Alexa devices) aligns with required credential VOICEMONKEY_TOKEN and the API endpoints shown in SKILL.md. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md is an instruction-only integration that demonstrates direct API calls (curl) to VoiceMonkey endpoints and shows how to set the VOICEMONKEY_TOKEN. It also suggests storing the token in ~/.clawdbot/clawdbot.json; this is reasonable but worth noting because it instructs where to persist the secret.
Install Mechanism
No install spec and no code files — lowest-risk model for install. The skill is purely instructions showing HTTP API usage.
Credentials
Only one required environment variable (VOICEMONKEY_TOKEN) is declared and used consistently in examples. This credential is necessary and sufficient for the described API operations, though it grants full control of connected devices.
Persistence & Privilege
always is false and there is no installation that modifies other skills or system-wide settings. Note: model invocation is allowed (default), so the agent could call the API autonomously if permitted by the platform.
Assessment
This skill appears to do what it says: it uses a single VoiceMonkey API token to call VoiceMonkey endpoints to announce messages, trigger routines, start flows, and display media on Echo devices. Before installing, consider: (1) the VOICEMONKEY_TOKEN is powerful — anyone with it can control your Echo/Alexa devices, so only provide a token you trust the skill with; (2) the SKILL.md suggests storing the token in ~/.clawdbot/clawdbot.json — keep that file protected (restrict file permissions) or prefer setting the token as an environment variable; (3) because the agent can invoke the skill autonomously (default), review agent policies or prompts that could cause unintended announcements/triggers. If you need more assurance, ask the skill author for a privacy/security statement or request the skill be implemented as an explicit, non-autonomous action.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f2ybjqrbz4xzej0chr49a0n7z0d7t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐒 Clawdis
EnvVOICEMONKEY_TOKEN
Primary envVOICEMONKEY_TOKEN

Comments