Bidirectional Voice Chat System

What to check before installing or running this skill: - Missing scripts: SKILL.md references hotkey_recorder.py, voice_chat_loop.py, chat.py and other runtime components that are not included. Ask the author for the missing files or disable features that call them. Running instructions that reference absent scripts will fail or be misleading. - Public exposure risk: If you enable 'ngrok' / 'cloudflared' modes or set a real domain, generated voice files under ~/.openclaw/workspace/voice_output will become reachable from the Internet. The bundled HTTP server suppresses access logs, so traffic may not be visible locally. Only expose this if you understand who can access the URLs and you are comfortable with voice data being public. - Credentials and tokens: The skill metadata does not declare any credentials, but ngrok/cloudflared require auth tokens (and Cloudflare Tunnel may require zone credentials). Manage those tokens carefully; do not paste them into untrusted code. The skill does not automatically upload data to any remote service in the provided code, but Edge TTS (edge-tts CLI) likely uses an online service — check its privacy policy. - Telemetry / monitoring: daily_monitor.py writes local reports and runs a local test that invokes generate_voice.py. It does not appear to exfiltrate telemetry, but the code refers to ClawHub stats ('需手动从 ClawHub 获取') without automated upload. If you are uncomfortable with local reports under ~/.openclaw/workspace/memory, inspect or remove that script. - Run in a sandbox first: Execute the scripts in a controlled environment (VM/container) to confirm behavior. Inspect generated URLs and verify that public-tunnel steps are manual and require your explicit tokens/configuration before you go public. - Review edge-tts & third-party binaries: edge-tts and 'hear' are third-party programs; verify their source, CLI behavior (whether they send audio/text to external servers), and install them intentionally. The SKILL does recommend fetching hear from GitHub releases — confirm checksums/limits before placing binaries into ~/.local/bin. If you want, I can enumerate the specific missing script names found in the SKILL.md and produce a minimal checklist of commands to safely test the local-only mode (server bound to localhost, no tunnels) in a sandbox.