ClawVoice
v0.0.2Connects to a live voice session, receiving and sending messages in real time via a WebSocket interface using the bundled client script.
⭐ 1· 2k·1 current·1 all-time
by@niczy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md and client.py both implement a WebSocket client that sends/receives voice-transcribed messages and (optionally) forwards them to the local `openclaw agent`. Required resources (none) match the described functionality; nothing requested is unrelated to a voice-agent bridge.
Instruction Scope
The runtime instructions are narrowly scoped to connecting to a WebSocket, sending/receiving JSON messages, and optionally running `openclaw agent` for each user message. This will forward user text to the local agent and return its stdout to the user — expected for a voice bridge. Minor caution: the skill executes a local CLI (`openclaw agent`) with user content quoted and returned; that means whatever the local agent can do (and any logs it writes) may be involved in these sessions.
Install Mechanism
Instruction-only skill with no install spec and only a small Python client; nothing is downloaded or written to disk beyond running the provided script.
Credentials
The skill declares no environment variables, credentials, or config paths. The code uses a default localhost WebSocket and allows an override via `--url`. No unexpected secrets are requested.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system configuration. It runs as an invoked process and forwards messages as documented.
Assessment
This skill is a simple WebSocket-to-agent bridge: it connects to a WebSocket (default ws://localhost:3111/connect), sends/receives JSON messages, and can forward each user message to your local `openclaw agent` CLI and return its stdout. Before installing or running it, consider: (1) it will forward user transcripts to the local agent — ensure you trust what the agent does and logs; (2) it spawns a shell command to run `openclaw agent` (the message is safely quoted with shlex.quote, reducing shell-injection risk, but you should still be cautious about running arbitrary user-supplied content in your environment); (3) the `--url` option can point to a remote WebSocket if changed — only use trusted endpoints. If you want extra safety, run this skill in a restricted/sandboxed environment or inspect/limit what the local `openclaw agent` is allowed to do.Like a lobster shell, security has layers — review code before you run it.
latestvk97a6z6j1stvj5ca2jt6r4fnw580e9ja
License
MIT-0
Free to use, modify, and redistribute. No attribution required.