Back to skill
Skillv1.0.1
VirusTotal security
Pi Speaker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:30 AM
- Hash
- 6762804eb4bd07e07c803ce1c49dd10142be134ad004f6acf9985e283359099e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pi-speaker Version: 1.0.1 The skill enables local audio playback by instructing the AI agent to generate TTS and then execute shell commands (pw-play, paplay, or a provided script) directly on the host system. While this functionality is aligned with the stated purpose of a Raspberry Pi speaker, the instructions explicitly direct the agent to use the bash/exec tool without sandboxing or with elevated privileges. This represents a high-risk capability and a significant attack surface, as it relies on the agent to correctly handle shell execution and file paths (SKILL.md, openclaw-speaker-play.sh).
- External report
- View on VirusTotal