ClawHub

deprecated ignore

v1.0.5

Connects voice transcripts and agent responses through hotbutter.ai hosted relay for remote voice interaction with openclaw agents.

0· 303·0 current·0 all-time
byMichael Stajer@michael-stajer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and included code all match: the skill connects to a hosted relay (wss://hotbutter.ai), accepts transcribed text from a browser, runs `openclaw agent --session-id <id> -m <text>` locally, and returns stdout back through the relay. The requirement for the `openclaw` CLI is expected and justified.
Instruction Scope
Runtime instructions and code stay within the advertised scope. The skill reads/writes a local config (~/.hotbutter), prompts an optional email, connects to the relay, and executes the local `openclaw` binary. Important privacy implication: agent stdout (which may contain secrets) and transcripts are forwarded over the relay — the SKILL.md warns about this but it is a real exfiltration risk if the agent emits sensitive data.
!
Install Mechanism
The package itself has no platform install spec, but index.html documents an install command that downloads and extracts an archive directly from https://hotbutter.ai (curl | tar). Downloading and extracting archives from a non-vetted domain is higher risk; if you follow that install path you should inspect the archive first or host/verify the code from a trusted source.
Credentials
The skill requests no cloud credentials or unrelated environment variables. It only requires the local `openclaw` binary and stores an optional email in ~/.hotbutter. The absence of extra credentials is proportionate to the stated functionality. Note: sensitive data can be leaked through normal operation if the agent prints secrets.
Persistence & Privilege
always:false and no system-wide config changes beyond writing its own ~/.hotbutter file. It does not modify other skills or request elevated privileges. Autonomous invocation is allowed (platform default) — combined with network relay this increases blast radius for leaked agent output, but this is expected for this skill.
Assessment
This skill is coherent with its description: it intentionally routes transcripts and agent stdout through a hosted relay (wss://hotbutter.ai) and runs your local `openclaw` CLI. Before installing: (1) Understand that anything your agent prints (including secrets) will be forwarded — avoid running agents that can emit credentials or use `--relay-url` to point to a relay you control. (2) Do not run the suggested curl|tar install blindly; inspect the archive first or clone the repository from a trusted source. (3) Review the code (it is small) and verify the `openclaw` binary you invoke is trusted. (4) If you require stronger privacy, use the recommended hotbutter-os/local relay or self-host a relay and start with `voice-bridge start --relay-url wss://your-relay.example.com`.

Like a lobster shell, security has layers — review code before you run it.

ignorevk976927ajhy0f3rke134s4a72x81xngelatestvk976927ajhy0f3rke134s4a72x81xnge

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments