VoiceMonkey
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill matches its stated purpose, but it gives an agent sensitive control over Alexa devices and routines without documented confirmation or scope safeguards.
Review before installing. This appears to be a straightforward VoiceMonkey integration, but it can control Alexa-connected devices and routines. Only install it if you are comfortable letting an agent use your VoiceMonkey token, and require clear user confirmation for each announcement, routine, flow, website, or media action.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used accidentally or from an ambiguous request, the agent could make unwanted announcements, play media, open websites, or trigger Alexa routines/flows on configured devices.
The skill enables direct actions on Alexa-connected devices, including routine and flow execution, but the artifacts do not define confirmation requirements, allowed device scope, or safeguards around potentially impactful routines.
Make TTS announcements, trigger Alexa routines, start flows, and display images/videos on Echo Show devices.
Use this only with explicit per-action confirmation, verify the target device/routine/flow before execution, and avoid granting access to routines that control locks, alarms, purchases, or other high-impact devices.
Anyone who obtains the token may be able to control the user's configured VoiceMonkey devices and routines.
The VoiceMonkey token is clearly required and purpose-aligned, but it is a privileged credential for controlling the user's VoiceMonkey/Alexa integration. The documentation also shows a query-parameter token method, though it recommends the Authorization header.
export VOICEMONKEY_TOKEN="your-secret-token" ... Authorization: $VOICEMONKEY_TOKEN ... token=$VOICEMONKEY_TOKEN
Store the token securely, prefer the Authorization header over URL query parameters, rotate the token if exposed, and use the least-privileged token options available from the provider.