hotbutter voice chat

Review

Audited by ClawScan on May 10, 2026.

Overview

The code is mostly transparent about using Hotbutter’s hosted relay, but the registry description says local/self-hosted while the skill sends transcripts and agent outputs through hotbutter.ai and triggers local OpenClaw agent runs.

Review this carefully before installing. Use it only if you are comfortable with voice transcripts and agent responses passing through hotbutter.ai, or configure `--relay-url` to a relay you control. Also make sure you understand what your local OpenClaw agent is allowed to do, because this bridge forwards paired voice-session messages directly to that agent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install expecting a local private setup, while their transcripts and agent responses actually pass through a hosted third-party relay by default.

Why it was flagged

This description suggests a local/self-hosted privacy posture, but the SKILL.md and code default to the hosted hotbutter.ai relay. That mismatch could cause users to trust the data flow more than they should.

Skill content

Description: Enables local voice chat by embedding Hotbutter relay server and PWA, providing speech-to-text and text-to-speech via a secure, self-hosted connection.

Recommendation

Update the registry description to clearly say this is hosted by default, or make self-hosted relay use the default. Keep the hosted-relay warning visible before installation.

What this means

Anything said to the agent, and anything the agent prints back, may transit hotbutter.ai; accidental secrets in agent output could be exposed to that relay path.

Why it was flagged

The hosted relay receives speech transcript text and local agent response text. This is purpose-aligned and disclosed, but it is sensitive data movement outside the local machine.

Skill content

**This skill routes data through hotbutter.ai.** Voice transcripts and agent responses are transmitted through the hosted relay server at `wss://hotbutter.ai`.

Recommendation

Use `--relay-url` with a relay you control for private sessions, and avoid using this hosted mode for conversations that may include credentials, secrets, or private data.

What this means

Anyone or anything that can send messages into the paired relay session could prompt the local agent, subject to whatever permissions the local OpenClaw agent has.

Why it was flagged

The skill turns incoming relay messages into local OpenClaw agent invocations. `execFile` with a fixed binary reduces shell-injection risk, but the local agent is still being driven by messages delivered through the relay session.

Skill content

execFile('openclaw', args, { timeout: 120_000 }, (err, stdout, stderr) => {

Recommendation

Pair only with a trusted client and relay, stop the bridge when not in use, and keep the local agent’s tool/file permissions limited for voice sessions.

What this means

Installers or users relying only on registry metadata may not realize the skill needs the local OpenClaw CLI and npm dependency resolution.

Why it was flagged

The metadata under-declares runtime/setup needs: package.json declares `requiredBinaries: ["openclaw"]` and an npm dependency, and index.html documents an npm install flow. This is a disclosure gap rather than evidence of hidden execution.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Declare the `openclaw` binary requirement and install method in registry metadata, and provide a verifiable source/homepage or lockfile for dependency review.