Voice Assistant

Pass

Audited by ClawScan on May 10, 2026.

Overview

The artifacts match a disclosed Windows voice assistant; it uses microphone access, gateway access, and TTS services as expected, with no hidden exfiltration or destructive behavior found.

This skill appears safe for its stated purpose, but install it only if you are comfortable with an always-available microphone assistant that can send recognized speech to your OpenClaw gateway and send response text to ElevenLabs for speech synthesis. Protect the .env file and pause or quit the tray app when you do not want it listening.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Someone or something that triggers the wake word could cause spoken words to be sent to OpenClaw as a chat message.

Why it was flagged

Voice input is automatically converted into gateway chat messages after wake-word, hotkey, or follow-up activation. This is the intended purpose, but it means false activations can submit unintended prompts.

Skill content
Wake — Porcupine detects the wake word... Record... Gateway — Sends text to OpenClaw gateway via WebSocket... Follow-up — Automatically listens for 5s after speaking
Recommendation

Use a distinctive custom wake word, keep the tray pause/quit controls handy, and rely on OpenClaw approval controls for any high-impact actions the agent might take.

What this means

If the token or .env file is exposed, another process could potentially use the same gateway access.

Why it was flagged

The skill authenticates to the OpenClaw gateway with a token and requests write authority so it can submit chat messages. This is purpose-aligned but is delegated account authority.

Skill content
"role": "operator", "scopes": ["operator.write"], "auth": { "token": GATEWAY_TOKEN }
Recommendation

Protect the .env file, keep the gateway URL trusted, and use the least-privileged gateway token available.

What this means

A future dependency version could behave differently from the version originally tested.

Why it was flagged

The Python dependencies are installed from package names with lower bounds or no exact pins. This is common and purpose-aligned, but dependency behavior can change over time.

Skill content
pvporcupine>=3.0
faster-whisper>=1.0
elevenlabs>=2.0
av
sounddevice
numpy
websockets>=12.0
Recommendation

Install in a virtual environment, consider pinning versions or using a lockfile, and avoid installing from untrusted package indexes.

What this means

Spoken prompts and AI responses may be processed by the configured gateway and ElevenLabs service.

Why it was flagged

The architecture explicitly routes transcribed speech to the configured OpenClaw gateway and routes assistant response text to ElevenLabs for TTS. These flows are disclosed and necessary for the skill.

Skill content
faster-whisper STT ... text ... GatewayClient WebSocket to ws://127.0.0.1:18789 ... ElevenLabs API
Recommendation

Use only trusted gateway URLs, review ElevenLabs privacy terms, and avoid speaking sensitive information if you do not want it processed by those services.

Note (High Confidence)
ASI10: Rogue Agents
What this means

If configured for startup, the assistant may begin listening after login until paused or quit.

Why it was flagged

The skill documents background operation and optional startup persistence. It is disclosed and user-directed, with visible pause/resume/quit controls.

Skill content
Use `start.bat` to launch without a console window... system tray icon with Pause/Resume/Quit controls. For auto-start on Windows, create a shortcut to `start.bat` in `shell:startup`.
Recommendation

Only add it to Windows startup if you want continuous availability, and use the tray controls when you do not want it listening.