ClawHub

deprecated ignore

PassAudited by ClawScan on May 10, 2026.

Overview

This skill openly acts as a hosted voice bridge: it sends transcripts and agent replies through hotbutter.ai and runs your local OpenClaw CLI, which matches its stated purpose but is not private/local-only.

Install this only if you are comfortable with a hosted relay carrying your transcript text and agent replies, and with a paired browser voice session sending prompts to your local OpenClaw agent. For private or sensitive work, use your own relay or the local alternative, and avoid running agents that may print secrets.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
ASI02: Tool Misuse and Exploitation
What this means

Anything you say through the paired voice session can be passed to your local OpenClaw agent, which may have whatever local tools or permissions your agent normally has.

Why it was flagged

The skill invokes the local OpenClaw CLI with transcript text as an agent message. This is clearly part of the stated voice-bridge design, but it gives the paired relay session a path to drive local agent behavior.

Skill content
execFile('openclaw', args, { timeout: 120_000 }, (err, stdout, stderr) => {
Recommendation

Use this only with agents and tool permissions you are comfortable controlling by voice, and stop the bridge when you are done.

Note
ASI07: Insecure Inter-Agent Communication
What this means

Sensitive words you speak, and sensitive information printed by your agent, may pass through the hosted relay.

Why it was flagged

The skill explicitly sends conversation text through an external hosted relay. This is disclosed and purpose-aligned, but it means the interaction is not local-only.

Skill content
Voice transcripts and agent responses are transmitted through the hosted relay server at `wss://hotbutter.ai`.
Recommendation

Avoid using this for secrets or private data, or configure `--relay-url` to use a relay you control.

Note
ASI04: Agentic Supply Chain Vulnerabilities
What this means

Your installed copy may include npm dependency code that is not shown in the submitted source listing.

Why it was flagged

The package relies on an npm dependency resolved by a version range. That is common for Node packages, but installation may fetch dependency code outside the reviewed artifact set.

Skill content
"dependencies": {
    "ws": "^8.18.0"
  }
Recommendation

Install from a trusted source and consider reviewing or locking dependencies before use in sensitive environments.