Back to skill
Skillv1.1.0
VirusTotal security
Bidirectional Voice Chat System · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:55 AM
- Hash
- ada1111f16b28f891824ae70fc9f5532254f06966a97cede456544b873847e43
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voice-chat-bridge Version: 1.1.0 The skill is classified as suspicious due to several risky capabilities and potential vulnerabilities, though without clear malicious intent. The `SKILL.md` contains instructions for the AI agent to modify its internal state (`connection` and `habits.json`), which is a form of prompt injection vulnerability. Additionally, the installation instructions in `SKILL.md` for the `hear` tool involve downloading and executing a binary from a remote URL (`curl -LO ... unzip ... cp`), posing a supply chain risk if the source were compromised. Finally, the skill leverages tools like Cloudflare Tunnel and Ngrok to expose local services to the public internet, a powerful capability that, while intended for benign purposes (serving voice files), introduces a significant attack surface if misused or if the exposed service were to become vulnerable.
- External report
- View on VirusTotal