v1.0.5

deprecated ignore

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:08 AM.

Analysis

The skill appears to do what it claims—bridge voice text through Hotbutter and run the local OpenClaw agent—but users should be comfortable with agent prompts and replies passing through a hosted relay.

Guidance: Install this only if you are comfortable with a hosted relay seeing the text of your voice prompts and agent replies. Do not use it for secrets unless you point it at a relay you control or use the local alternative, and ensure your OpenClaw agent’s permissions are appropriate for voice-driven remote interaction.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
lib/agent-bridge.js
const args = [
        'agent',
        '--session-id', sessionId,
        '-m', text,
      ];
...
execFile('openclaw', args, { timeout: 120_000 },

The skill turns incoming text into a local OpenClaw agent invocation. This matches the documented voice-bridge purpose, but users should understand that paired relay messages can cause local agent turns.

User impact: If the relay session receives unintended or malicious text, the local OpenClaw agent may process it and return its output through the bridge.
Recommendation: Run the bridge only when you intend to use remote voice control, trust the relay/session you pair with, and keep OpenClaw agent permissions appropriate for voice-driven use.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"dependencies": {
    "ws": "^8.18.0"
  }

The package depends on the WebSocket library using a semver range rather than an exact pinned version. This is expected for a Node WebSocket client, but dependency provenance still matters.

User impact: A future dependency resolution could install a newer compatible `ws` version than the one originally tested.
Recommendation: Install from trusted registries and consider using a lockfile or pinned dependency version in controlled environments.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Voice transcripts and agent responses are transmitted through the hosted relay server at `wss://hotbutter.ai`.

The skill intentionally sends transcribed speech and agent response text through a third-party hosted relay. This is clearly disclosed and central to the hosted voice feature.

User impact: Anything you say to the agent, and anything the agent prints back, may pass through Hotbutter’s hosted relay.
Recommendation: Avoid using this hosted relay for secrets or private data; use `--relay-url` with a relay you control or the local alternative if you need stronger privacy.