Speaches

Pass. Audited by ClawScan on May 12, 2026.

Overview

This skill appears to do what it says: it connects OpenClaw speech features to a configurable Speaches server. Note that your voice/text and Speaches API key go to that configured server.

This appears reasonable for users who run or trust a Speaches server. Before installing, confirm the baseUrl points to your intended local/private endpoint, avoid sending audio or API keys to untrusted remote servers, and use locked dependencies if your environment requires stronger supply-chain control.

Publisher note

This plugin connects to a user-configured local Speaches HTTP/WebSocket server for realtime STT and OpenAI-compatible TTS. Network access is expected for local/private Speaches endpoints such as http://127.0.0.1:8000/v1.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you configure a remote or untrusted base URL, that endpoint will receive the Speaches API key.

Why it was flagged

The plugin reads a Speaches API key from config or environment and sends it as a Bearer token to the configured provider endpoint. This is expected for authenticated provider access, but it is still credential use.

Skill content

apiKey: readString(raw.apiKey) ?? process.env.SPEACHES_API_KEY ?? DEFAULT_API_KEY,
...
headers: { Authorization: `Bearer ${this.config.apiKey}` }

Recommendation

Use a trusted local/private Speaches server, and only set SPEACHES_API_KEY for endpoints you intend to authenticate to.

What this means

The configured Speaches server can receive and process call or microphone audio, and may return transcripts.

Why it was flagged

The realtime transcription provider opens a WebSocket to the configured Speaches URL and streams base64-encoded audio. This is the core STT function, but it sends potentially sensitive voice content across a provider boundary.

Skill content

this.ws = new WebSocket(url, {
...
const json = JSON.stringify({ type: "input_audio_buffer.append", audio: payload.toString("base64") });

Recommendation

Keep the default localhost/private endpoint unless you trust the remote server and network path; prefer HTTPS/WSS for non-local deployments.

What this means

Future installs may resolve to a newer compatible ws release depending on the package manager and lockfile behavior.

Why it was flagged

The plugin depends on the ws package using a semver range. This is normal for a WebSocket-based provider, but it means dependency resolution may accept compatible future updates.

Skill content

"dependencies": {
  "ws": "^8.20.0"
}

Recommendation

For high-assurance environments, install from a trusted package source and use lockfiles or pinned dependency resolution.