Skill v1.0.0
ClawScan security
Feishu Voice Loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 5:04 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (local transcription → OpenAI TTS → upload to Feishu), but the registry metadata omits required secrets/config paths, the code hardcodes an ffmpeg path and executes CLI commands sourced from a user config file, and the shipped voice presets include explicitly sexualized/teenage voices. These inconsistencies and content concerns warrant caution before installing or running.
- Guidance: Before installing or running this skill:
  - Expect to provide OPENAI_API_KEY and Feishu app credentials; the code reads ~/.openclaw/openclaw.json if you don't pass --app-id/--app-secret. The package metadata did not declare these requirements, so double-check before trusting the skill.
  - Inspect your ~/.openclaw/openclaw.json: the transcription script will execute the command listed under tools.media.audio.models[0]. If that entry points to an unexpected binary or shell command, it could run arbitrary local code. Only use the skill if that config is safe.
  - The TTS script hardcodes /opt/homebrew/bin/ffmpeg (which may fail on other OSes); consider editing the script to use a generic 'ffmpeg' on PATH or your correct ffmpeg location.
  - Running the skill will send audio/text data to api.openai.com and open.feishu.cn (OpenAI and Feishu). Don't use it with sensitive data unless you accept that transmission.
  - The included voice presets explicitly instruct the model to simulate flirtatious/teenage voices (e.g., "teenage boy" and private-sibling scenarios). This is potentially abusive/unsafe. Remove or edit presets that are inappropriate before use.
  - If you decide to proceed: run the scripts in a controlled environment first, verify network destinations, and confirm the config entries and commands they will run. If you need a cleaner setup, add the required env/config declarations to the skill metadata and replace the hardcoded ffmpeg path.
Review Dimensions
- Purpose & Capability (note): The code and SKILL.md align with the described purpose (transcribe local audio, call OpenAI TTS, and post audio to Feishu). However, the skill package metadata claims no required env vars or config paths, while the instructions and code actually require OPENAI_API_KEY and Feishu credentials stored in ~/.openclaw/openclaw.json (or passed in). That mismatch is unexpected and reduces trust.
- Instruction Scope (concern): The runtime instructions and both scripts read the user's ~/.openclaw/openclaw.json and will execute a CLI command taken from that config for transcription. Executing commands sourced from a user-controlled config is functionally reasonable for a pluggable transcription CLI, but it grants the skill the ability to run arbitrary local commands (whatever is configured). The scripts also transmit data to external endpoints (api.openai.com and open.feishu.cn); this is intended, but users must understand that audio/transcripts and API keys will be sent externally. Additionally, presets.md contains instructions to produce flirtatious/sexualized "teenage boy" voices, which raises safety and policy concerns and is outside ordinary benign assistant use.
- Install Mechanism (note): There is no install spec (instruction-only), so nothing is written during installation (low install risk). One code issue: openai_tts_feishu.py invokes ffmpeg using a hardcoded path (/opt/homebrew/bin/ffmpeg) while calling ffprobe as 'ffprobe'. This may cause failures on non-macOS/Homebrew systems and is brittle; it may also indicate the author tested only a specific environment.
- Credentials (concern): The skill needs an OPENAI_API_KEY and Feishu appId/appSecret (via ~/.openclaw/openclaw.json or CLI args) and requires ffmpeg/ffprobe; all are proportionate to the stated functionality. However, the registry metadata declared no required env vars or config paths, which is inconsistent and misleading. Also note: transcription runs whatever command is configured under tools.media.audio.models[0]. That config may itself contain shell commands or point to other tools, so validate that config before use.
- Persistence & Privilege (ok): The skill does not request persistent/always-on presence and does not modify other skills' configuration. It runs only when invoked; normal autonomous invocation is allowed by default but not set to always:true.
