ClawHub

Voice Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed voice assistant whose microphone, gateway, and ElevenLabs behavior matches its stated purpose, though users should treat it as privacy-sensitive.

Install only if you are comfortable with a microphone assistant that can send recognized speech to your OpenClaw gateway and send assistant response text to ElevenLabs for TTS. Protect the .env file, use a least-privileged gateway token, keep GATEWAY_URL pointed at a trusted gateway, and pause or quit the tray app when you do not want listening active.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description discusses microphone capture, transcription, gateway streaming, and ElevenLabs TTS, but it does not prominently warn users that audio-derived data and conversation text may leave the local machine and be processed by external services. In a voice assistant context, this omission can mislead users about privacy expectations and result in unintentional disclosure of sensitive spoken content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that the assistant automatically listens for 5 seconds after speaking, but it does not present this as an explicit privacy/safety warning. Users may reasonably assume listening ends after the response, so this hidden follow-up capture increases the risk of recording nearby or unintended speech.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The assistant transcribes microphone input and forwards the resulting text to a gateway service without any explicit runtime notice or consent flow informing the user that spoken content leaves the local speech-to-text component. In an always-on voice assistant, this creates a meaningful privacy risk because users may reasonably assume processing is local after wake-word detection and may disclose sensitive information unintentionally.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code sends arbitrary text to the external ElevenLabs API for speech generation, which can expose user prompts, assistant responses, or other sensitive content to a third party without any user-facing notice or consent mechanism in this component. In a voice-assistant skill, spoken content may include private conversational data, making this more sensitive than a purely local TTS implementation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal