Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
telegram-voice-mode
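v1.0.0
Voice reply mode. Use /voiceMode to toggle voice reply mode. When enabled, all replies are automatically converted to speech and sent as voice messages; when disabled, replies return to text. Supports sending voice messages over channels such as Telegram and iMessage.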
by WonderChen @jianguopapa
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim multi-channel voice replies; code and SKILL.md rely specifically on the OpenClaw CLI and a workspace edge-tts script. The skill hardcodes a default Telegram ID (5500262186) labeled as a specific person, which is not justified by the generic 'voice mode' purpose.
Instruction Scope
Runtime instructions and scripts create files under /tmp and copy to ~/.openclaw/workspace/voice.mp3 and then invoke 'openclaw message send' to deliver media. This will cause the agent to send messages using whatever account the OpenClaw CLI is configured with — combined with the hardcoded default target, it can automatically send audio to an external recipient without additional confirmation.
Install Mechanism
No remote downloads or install steps; the skill is instruction-only with local JS scripts. Nothing is fetched from unknown URLs or extracted to disk by an installer.
Credentials
No declared env vars or credentials, but the code implicitly requires: (1) the OpenClaw CLI to be installed and authenticated (so the skill can send messages), and (2) an edge-tts script at ~/.openclaw/workspace/skills/edge-tts/scripts/tts-converter.js. These implicit dependencies and the hardcoded Telegram ID are not proportionately justified by the description.
Persistence & Privilege
always is false and the skill does not modify other skills' configs. It does, however, write to ~/.openclaw/workspace/voice.mp3 (workspace area) and depends on another skill's files; this cross-skill coupling increases the blast radius if misused but does not itself request elevated platform privileges.
Scan Findings in Context
[child_process-spawn] expected: The scripts use spawn to run node (to invoke the edge-tts converter) and to invoke the 'openclaw' CLI; this is expected for a local TTS + send workflow.
[hardcoded-target-telegram-id] unexpected: scripts/voice-send.js contains a hardcoded DEFAULT_TARGET = '5500262186'. A generic 'voice-mode' skill should not hardcode an external recipient; this could cause unintended messages.
[cross-skill-path-reference] unexpected: Both scripts expect an edge-tts converter at ~/.openclaw/workspace/skills/edge-tts/scripts/tts-converter.js. Implicitly relying on another skill's file path is fragile and could be used to trigger or misuse files belonging to other skills.
What to consider before installing
Before installing: inspect and, if needed, remove the hardcoded DEFAULT_TARGET from scripts; ensure you understand which OpenClaw account the 'openclaw' CLI will use (it will send messages using that account) and test in a safe environment to avoid sending audio to external users. Confirm the edge-tts converter exists in the expected path or modify the script to use an explicit, audited TTS implementation. If you don't want automatic sending, require explicit confirmation or remove the auto-send CLI call. If unsure, run these scripts in a sandboxed account or review them line-by-line with someone who understands your OpenClaw messaging configuration.
Like a lobster shell, security has layers — review code before you run it.
