Skill v1.0.0
ClawScan security
Lovefromio Jarvis Voice · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 27, 2026, 2:05 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (local TTS + audio styling) matches the required binaries, but important pieces are missing or inconsistent (a referenced 'jarvis' script is not included and metadata owner IDs differ), so you should not install blindly.
- Guidance: Do not install or enable automatic invocation yet. Before proceeding: (1) Ask the publisher for the actual 'scripts/jarvis' script and inspect its contents — do not copy a binary/script from an untrusted source. (2) Verify the repository/owner identity (the _meta.json ownerId differs from the registry header). (3) Only install sherpa-onnx from its official docs/releases and confirm models are authentic. (4) If you allow the agent to auto-run 'jarvis' for every response (the SOUL.md change), ensure the script is audited — otherwise it could execute arbitrary local commands. If the author cannot provide the missing script and explain the owner mismatch, treat the package as untrusted.
Review Dimensions
- Purpose & Capability (note): Requiring ffmpeg and aplay is coherent with a local TTS voice persona. Asking the user to install sherpa-onnx (local TTS) is also proportional. However, the SKILL.md refers to a scripts/jarvis file and lists that file under "Files," but no such script is actually included in the package — this mismatch is unexplained. Additionally, the _meta.json ownerId does not match the registry owner id in the header, which is another inconsistency.
- Instruction Scope (concern): Instructions tell the user (or the agent) to copy {baseDir}/scripts/jarvis to ~/.local/bin/jarvis and to edit that script; because the package contains no script, it is unclear where this code should come from. The SKILL.md also instructs adding an agent communication protocol entry (SOUL.md) that makes the agent invoke the 'jarvis' command for every response — that would cause the agent to run a local binary on each response. Without the actual script to audit, that grants potential execution of arbitrary local code and is a meaningful scope creep.
- Install Mechanism (ok): This is instruction-only (no install spec), so nothing in the skill will be written or downloaded automatically. The only install step is a manual reminder to install sherpa-onnx per its documentation. That lowers risk compared to forced downloads; however, because the skill references a script that isn't included, users may be prompted to fetch a script from elsewhere — exercise caution with any external downloads.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The declared required binaries (ffmpeg, aplay) are reasonable for the described audio processing and playback tasks.
- Persistence & Privilege (note): The skill is not marked 'always' and has normal autonomous invocation allowed. The SKILL.md's suggested change to SOUL.md would make the assistant run a local 'jarvis' command for every response if applied — that is a user-controlled change but increases the blast radius because it causes repeated execution of a local executable. Since the script is not included for auditing, enabling that behavior is risky.
