WebChat Voice Proxy

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s behavior matches its stated voice-proxy purpose, but users should notice that it persistently modifies OpenClaw’s UI/configuration and uses the gateway token for local authentication.

This deprecated skill appears purpose-aligned, but it makes persistent local changes. Before installing, confirm you are comfortable with a user systemd service, a gateway startup hook, modifications to the OpenClaw Control UI and openclaw.json, and token-authenticated local transcription. Keep it bound to 127.0.0.1 unless you truly need LAN access.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The voice proxy and UI patch can keep running automatically until the user uninstalls or disables them.

Why it was flagged

The deploy script creates a persistent user systemd service and installs a gateway startup hook so the proxy and UI injection continue after reboot or gateway restart.

Skill content

systemctl --user enable --now openclaw-voice-https.service ... HOOK_DIR="$HOME/.openclaw/hooks/voice-input-inject"

Recommendation

Install only if you want persistent voice-proxy behavior; use scripts/uninstall.sh or systemctl --user disable openclaw-voice-https.service to revert.

What this means

When the gateway starts, the hook can modify the Control UI without a separate prompt at that time.

Why it was flagged

A gateway startup event runs the bundled shell injection script. The script path is fixed relative to the hook, so this appears purpose-aligned, but it is automatic code execution on startup.

Skill content

execFileSync("bash", [script], { timeout: 10_000, stdio: "pipe" });

Recommendation

Review the hook before deployment and remove ~/.openclaw/hooks/voice-input-inject if you no longer want automatic UI reinjection.

What this means

The skill uses your existing OpenClaw gateway token to authorize local transcription requests.

Why it was flagged

The browser-side script reads the OpenClaw Control UI token from localStorage and sends it as a Bearer token to the local /transcribe proxy.

Skill content

const raw = localStorage.getItem('openclaw.control.settings.v1'); ... headers['Authorization'] = 'Bearer ' + token;

Recommendation

Use this only with trusted local OpenClaw pages and avoid exposing the proxy to untrusted networks.

What this means

If configured for LAN access, other devices on the same network may be able to reach the proxy and attempt to interact with OpenClaw services.

Why it was flagged

LAN exposure is explicitly documented and not the default, but it expands access to the proxy, gateway WebSocket path, and transcription endpoint.

Skill content

Setting VOICE_HOST=<LAN-IP> exposes the proxy (and by extension the gateway WebSocket and transcription endpoint) to all devices on that network. Only do this on trusted networks.

Recommendation

Keep the default localhost binding unless you specifically need another device to connect, and only use LAN exposure on trusted networks.

What this means

Uninstalling could unintentionally remove unrelated OpenClaw allowed-origin entries that share the same port.

Why it was flagged

The uninstall cleanup removes all allowedOrigins entries containing the configured port, which could also remove another origin on the same port.

Skill content

cu['allowedOrigins'] = [o for o in orig if f':{port}' not in o]

Recommendation

After uninstalling, check ~/.openclaw/openclaw.json if you use multiple Control UI origins on the same port.