v1.0.1

senseaudio-let-claw-talkv1

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

This looks like a real continuous voice-assistant skill, but it deserves review because it keeps a microphone workflow active, sends speech/text to SenseAudio, and by default accepts wake-word speech without speaker verification.

GuidanceInstall only if you are comfortable with a continuous voice assistant that sends speech to SenseAudio and forwards transcribed speech to AudioClaw. Use it in a private setting, protect the SenseAudio credentials file and AudioClaw state directory, keep optional WeSpeaker bound to localhost, and consider enabling speaker verification before using it for sensitive tasks.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityMediumConfidenceHighStatusConcern

SKILL.md

用户语音通过 SenseAudio ASR 转文字，再发给 audioclaw agent ... 默认不会开启 WeSpeaker 声纹验证 ... 默认唤醒词是 `贾维斯`

The skill routes recognized speech into the agent while explicitly defaulting speaker verification off, relying mainly on a public wake phrase.

User impactSomeone nearby, or audio played through speakers, could wake the assistant and have their speech treated as instructions to the AudioClaw agent.

RecommendationUse this only in trusted environments, consider enabling WeSpeaker or another speaker-verification control, and avoid using it for sensitive agent actions without confirmation.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

SKILL.md

py -3 -m pip install numpy sounddevice webrtcvad

The documentation asks the user to install unpinned Python audio dependencies manually.

User impactManual unpinned installs are common for audio tooling, but they rely on the current package sources and versions at install time.

RecommendationInstall dependencies from trusted package indexes, prefer a virtual environment, and pin versions if reproducibility matters.

Rogue Agents

SeverityLowConfidenceHighStatusNote

scripts/local_wespeaker_client.py

subprocess.Popen(... stdin=subprocess.DEVNULL, start_new_session=True, env=env)

When WeSpeaker is enabled, the client can launch a detached background service.

User impactA background speaker-verification process may keep running after the initial command window unless stopped.

RecommendationOnly enable WeSpeaker when needed, monitor the documented state/log files, and use the provided stop behavior or terminate the service when finished.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/configure_senseaudio_credentials.py

payload["SENSEAUDIO_API_KEY"] = args.api_key.strip() ... target.write_text(json.dumps(payload

The helper writes SenseAudio API keys into a local JSON credentials file.

User impactThe SenseAudio key is needed for the service, but anyone with access to the local credentials file may be able to use the account quota or service.

RecommendationStore the credentials file in a protected user account, avoid sharing it, and rotate the key if the machine or file may be exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

默认会从 `~/.audioclaw/workspace/state/voiceclaw_preferences.json` 读取已记住的用户偏好 ... 运行时事件日志：`~/.audioclaw/workspace/state/voiceclaw_runtime.log`

The skill reads persistent preferences and writes runtime logs in the user workspace.

User impactSaved preferences and logs can affect later behavior or reveal conversation/runtime details if another local process or user can read them.

RecommendationReview and protect the AudioClaw workspace state directory, and clear logs/preferences if they contain sensitive information.

Insecure Inter-Agent Communication

SeverityLowConfidenceMediumStatusNote

scripts/local_wespeaker_service.py

serve.add_argument("--host", default="127.0.0.1") ... if self.path == "/enroll": ... if self.path == "/verify":

The optional WeSpeaker component exposes local HTTP endpoints for enrollment and verification, defaulting to localhost.

User impactThe default local binding limits exposure, but local processes could interact with the speaker-verification service, and changing the host could expose it more broadly.

RecommendationKeep the WeSpeaker service bound to 127.0.0.1, do not expose its port to a network, and stop it when not needed.