Skillv1.0.4

ClawScan security

Voice Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 12, 2026, 8:29 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and required credentials align with a Windows voice-assistant: the requested keys and binaries are proportional to the stated functionality and there are no obvious signs of misdirection or hidden exfiltration.
Guidance: This skill appears to do what it says: it listens on your microphone, transcribes speech locally, sends text to your configured OpenClaw gateway, and uses ElevenLabs to generate speech audio. Before installing: - Understand what keys you provide: ELEVENLABS_API_KEY will cause text sent to the assistant to be sent to ElevenLabs for TTS (possible privacy and billing implications). Use a dedicated API key if you’re concerned about data exposure or costs. - Keep GATEWAY_URL pointed to a local gateway (default is ws://127.0.0.1:18789). Do not supply a token that grants broad access to a remote gateway unless you trust that endpoint; the client authenticates as a node with operator.write in the example handshake. - PORCUPINE_ACCESS_KEY is required for wake-word; Picovoice keys may expire. - The code creates temporary WAV files and asset files under the skill folder; ensure you run it from a directory you control. - The skill installs third-party Python packages and will (on first run) download Whisper models (~100–150MB or larger for bigger models). Consider installing and running in a virtualenv or isolated environment. - If you need stronger guarantees, review the included Python files yourself (we inspected them) or run the assistant in a sandboxed/isolated VM to monitor network calls and file writes. Overall: coherent and consistent with its stated purpose, but treat the API keys and gateway token as sensitive and verify the gateway target before use.

Review Dimensions

Purpose & Capability: okName/description match the implementation. ELEVENLABS_API_KEY for TTS, PORCUPINE_ACCESS_KEY for Porcupine wake-word, and GATEWAY_URL/GATEWAY_TOKEN for the OpenClaw gateway are all required and used in the code. Requiring Python and listed pip packages is expected for a local Python assistant.
Instruction Scope: okSKILL.md instructions are concrete and limited to installing dependencies, populating .env, running the assistant, and optionally generating audio assets. Runtime code only reads .env (declared), listens to the microphone, connects to the configured gateway, calls ElevenLabs for TTS, and uses Picovoice and Whisper for wake/STT. There are no instructions to read unrelated system files or to transmit data to unexpected external endpoints beyond ElevenLabs and the configured gateway.
Install Mechanism: okNo special install script or remote archive is pulled; the developer expects users to pip-install dependencies from requirements.txt. Dependencies are standard (pvporcupine, faster-whisper, elevenlabs, av, etc.). This has normal risk (third‑party packages, model downloads) but no unusual download URLs or extraction of arbitrary remote code.
Credentials: noteRequested environment variables (GATEWAY_URL, GATEWAY_TOKEN, ELEVENLABS_API_KEY, PORCUPINE_ACCESS_KEY) are all used by the code and justified by the skill's purpose. Caveats: ELEVENLABS_API_KEY is the primary credential and will cause assistant text to be sent to ElevenLabs for TTS (possible privacy/cost implications). GATEWAY_TOKEN is used to authenticate to the OpenClaw gateway (the client requests operator role/scopes in the handshake), so if you point GATEWAY_URL to a remote gateway or provide a token with broad scopes it could carry more risk; by default GATEWAY_URL targets localhost.
Persistence & Privilege: okalways:false and user-invocable:true (defaults) — the skill does not request permanent platform-level inclusion. It does offer optional auto-start guidance (creating a startup shortcut), but that is a user action rather than an automatic change. The skill does not modify other skills or system-wide agent settings.