Skill v0.1.1
ClawScan security
WebChat Voice GUI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 2:01 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested files, scripts, and behavior align with its stated purpose (injecting a local mic UI and sending audio to a local STT service), but it persistently modifies the Control UI files and registry metadata appears malformed — review and back up before installing.
- Guidance: This skill appears to do what it says: add a local mic button and send audio to a local faster-whisper endpoint. Before installing:
  1) Back up your openclaw/dist/control-ui/index.html (and assets) so you can revert easily.
  2) Confirm the registry metadata bug (the UI showed "Required env vars: [object Object]") and verify there are no hidden env/credential requirements.
  3) Ensure you trust the local faster-whisper service and webchat-https-proxy it depends on (they receive audio data).
  4) Review the included scripts (deploy.sh, inject.sh, handler.ts, uninstall.sh) — they are readable, idempotent, and user-level but will modify the global Control UI and install a hook under ~/.openclaw/hooks.
  5) To remove the changes, run scripts/uninstall.sh (it attempts to remove the hook and injected files).

  If you are uncomfortable with persistent modifications to the Control UI or you cannot easily restore the original index.html, do not install until you have a backup or can test in an isolated environment.
Review Dimensions
- Purpose & Capability (note): The skill's declared dependencies (webchat-https-proxy and a local faster-whisper STT service) match its description of providing local speech-to-text and using a same-origin /transcribe endpoint. It modifies the Control UI (index.html and assets) and installs a gateway hook so the injection survives updates — this is coherent for a UI-injection skill. One inconsistency: the registry metadata shows "Required env vars: [object Object]" (likely a serialization bug) while the SKILL.md only requires an optional VOICE_LANG; confirm the metadata before installing.
- Instruction Scope (ok): SKILL.md and included scripts limit actions to copying JS/i18n files, injecting a <script> tag into the Control UI index.html, and installing a user-level startup hook that reruns the injector. The client JS uses MediaRecorder and posts audio to /transcribe (or localhost:18790 for dev). There are no instructions to read unrelated system files or to send data off-host. The skill does perform DOM operations to insert text/send messages in the chat UI, which is expected for this feature.
- Install Mechanism (note): There is no remote download/install step — deployment is handled by local scripts that copy bundled assets into ~/.openclaw/workspace and the global openclaw control-ui directory (found via npm -g root). That is lower risk than fetching remote code, but the scripts will write into the global Control UI (npm-global) and user hooks (~/.openclaw/hooks). This is expected for a UI patch but is persistent and affects files outside the skill's own directory.
- Credentials (ok): No secrets/credentials are requested. The only declared environment-related inputs are optional VOICE_LANG and the optional OPENCLAW_UI_DIR/WORKSPACE overrides used to locate Control UI and workspace paths. The skill checks systemctl state of local services but does not require tokens or keys. The malformed registry metadata for env vars should be clarified.
- Persistence & Privilege (note): The skill installs a gateway startup hook under ~/.openclaw/hooks/voice-input-inject to re-run the injector on gateway startup, and it edits the Control UI index.html and copies an asset into the global openclaw install. This grants persistent, user-level presence that survives updates (intended for this plugin). It does not request always:true or root/sudo. Because it modifies the main Control UI, you should be aware the change affects the broader UI and persists until uninstalled.
