ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

senseaudio-conversation-rehearsal

v1.0.2

Use when a user wants to rehearse a high-pressure conversation such as a performance review, reporting meeting, promotion defense, difficult manager conversa...

0· 132·0 current·0 all-time
byWu Ruixiao@kikidouloveme79
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be an instruction-only rehearsal helper and the description matches the code's functionality (build blueprints, run ASR/TTS, debrief). However the package metadata declares no required env vars/credentials while the SKILL.md and multiple scripts rely on SENSEAUDIO_API_KEY, SENSEAUDIO_PLATFORM_TOKEN, and optionally Feishu app credentials/config. That mismatch (metadata says none required, code actually expects secrets) is incoherent and could trick users into granting access unexpectedly.
!
Instruction Scope
SKILL.md instructs the agent to run many local scripts that do network calls to senseaudio.cn and Feishu, synthesize audio, and optionally create voice clones. The code includes flows that (a) attempt to resolve a platform token from environment or by executing AppleScript that runs JS in Chrome to read localStorage/sessionStorage, and (b) use that token to create clones on the remote platform. Reading browser storage and deriving tokens is outside the expected scope of a 'rehearsal' CLI unless explicitly documented and consented to. The instructions also recommend defaulting to sending counterpart audio to Feishu; Feishu integration requires app credentials/config which are not listed in the declared requirements.
Install Mechanism
There is no install spec or remote download — this is an instruction+script package. No archives are fetched at install time. Risk comes from what the included scripts do at runtime rather than from a suspicious install mechanism.
!
Credentials
Although registry metadata lists no required env vars, the SKILL.md and scripts expect SENSEAUDIO_API_KEY, SENSEAUDIO_PLATFORM_TOKEN (and SENSEAUDIO_ASR_MODEL optional), and Feishu config (app_id/app_secret) via helper modules. The skill contains code to extract tokens from Chrome localStorage and to read workspace files (~/.audioclaw/workspace/state/senseaudio_credentials.json) — access to browser/local storage and unrelated platform tokens is disproportionate for a simple rehearsal tool and increases credential exfiltration risk if misused.
Persistence & Privilege
The skill is not flagged as always:true and does not self-enable other skills. However it requests the agent run OS-level tooling (osascript on macOS), inspects the browser session, and accesses local workspace state. Those runtime privileges are significant: while not permanent, they broaden the blast radius when the skill is executed (especially the Chrome-localStorage token extraction flow).
What to consider before installing
What to consider before installing or running this skill: - Declared vs actual requirements: The registry lists no credentials, but the skill expects SENSEAUDIO_API_KEY and may attempt to find a SENSEAUDIO_PLATFORM_TOKEN and Feishu credentials at runtime. Treat the package as needing secrets unless you audit and disable those flows. - Chrome token access: The included code can run osascript/AppleScript to execute JavaScript in Chrome tabs and read localStorage/sessionStorage to extract tokens. This is a sensitive operation — only run it if you understand and consent to the skill reading your browser session. If you won't supply tokens explicitly, disable or remove the Chrome-resolution paths. - Voice cloning flow: The package includes an automated 'clone' path that will upload audio to a remote platform if you enable create-clone. Do not enable clone creation unless you control the sample and have explicit consent from the person whose voice is used. - Feishu integration: The send-to-Feishu flow will require Feishu app credentials and may upload and send audio. The skill does not declare these requirements in metadata — review and control any Feishu app_id/app_secret used. - Mitigations: (1) Prefer running scripts with explicit --api-key and avoid using the platform-token/browser-token automation. (2) Run in an isolated environment (VM/container) and inspect network calls with e.g., a proxy if you are unsure. (3) If you don't need cloning, avoid the create-clone/authorized_clone paths or remove scripts senseaudio_clone_workspace.py and senseaudio_platform_token.py. (4) Audit any code that loads other skill modules (e.g., Feishu helper) to ensure it doesn't escalate privileges. (5) If you don't trust the remote AudioClaw/SenseAudio endpoints, do not provide SENSEAUDIO_API_KEY and stick to proxy_voice mode. If you want, I can point out the exact lines that perform Chrome localStorage extraction and where tokens/paths are referenced so you can remove or sandbox them.

Like a lobster shell, security has layers — review code before you run it.

latestvk978dc4e2cvh9hffjhqn235dv583capp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments