discord voice memo upgrade
ReviewAudited by ClawScan on May 10, 2026.
Overview
The patch appears purpose-aligned, but it replaces core bot files and its default debug logging can expose message content and part of a TTS API key.
Treat this as a review-required core patch, not a normal skill. Before installing, inspect the replacement files, remove or mask the debug console.log statements, keep backups, and test outside production first.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this changes the bot's core runtime behavior, not just a small optional plugin.
The skill asks the user to copy replacement JavaScript files into the installed Clawdbot package and restart the bot.
cp patch/dispatch-from-config.js $CLAWDBOT_DIR/lib/node_modules/clawdbot/dist/auto-reply/reply/ cp patch/tts.js $CLAWDBOT_DIR/lib/node_modules/clawdbot/dist/tts/ # 4. Restart clawdbot clawdbot restart
Apply only after reviewing the patch or testing in a non-production bot, and keep the documented backups so you can revert.
Users have less provenance to verify that these replacement files match an upstream fix.
The registry metadata does not provide a source repository or homepage for a package that replaces core bot files.
Source: unknown Homepage: none
Compare the patch against the official Clawdbot/Moltbot source or wait for an upstream release if provenance matters for your deployment.
Bot logs or log aggregation systems could reveal credential material and confirm which TTS account configuration is in use.
The debug logging prints whether an ElevenLabs key is present and includes the first 8 characters of the key.
apiKey=${config.elevenlabs.apiKey ? "SET(" + config.elevenlabs.apiKey.slice(0, 8) + "...)" : "MISSING"}Remove or mask this debug log before installing, especially in production or shared environments.
Private message text or voice memo transcripts may be written to console logs by default.
The patch logs the first 80 characters of the inbound message body during TTS debugging.
console.log(`[TTS-DEBUG] inboundAudio=${inboundAudio} ... Body=${(ctx.Body ?? "").slice(0, 80)}`);Make debug logging opt-in and avoid logging message bodies, or strip these console.log statements before use.
Text intended for speech synthesis may be processed by OpenAI, ElevenLabs, or Edge TTS depending on configuration.
The skill is designed to synthesize replies through external TTS providers, which may require sending reply text to those providers.
"provider": "openai", // or "elevenlabs" or "edge"
Use a provider and configuration that match your privacy requirements, and avoid sending sensitive conversations to external TTS services unless acceptable.