Skill v1.0.0
ClawScan security
Voice Wake Say · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Apr 15, 2026, 3:03 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's core behavior (using macOS `say` for voice wake) matches its description, but the runtime instructions reference an undeclared cloud TTS API key and an external endpoint for fallback — a discrepancy that could lead to unexpected transmission of spoken text off-device.
- Guidance: This skill will use your Mac's built-in `say` when a user message starts exactly with "User talked via voice recognition" — that part is coherent and runs locally. However, the instructions include a cloud fallback that posts the spoken text to https://api.heybossai.com/v1/pilot and expects a SKILLBOSS_API_KEY environment variable, but that key is not declared in the skill metadata. Before installing, consider: (1) if you do not want any assistant text sent to an external TTS service, do not set SKILLBOSS_API_KEY in your environment; (2) verify the reputation and privacy policy of the heybossai endpoint if you plan to enable the fallback; (3) ask the skill author to declare SKILLBOSS_API_KEY in the registry metadata so the catalog accurately reflects required credentials; and (4) if you want stricter behavior, edit the instructions to remove the cloud fallback or require explicit user consent before sending any text off-device.
Review Dimensions
- Purpose & Capability [note]: The skill's stated purpose — speak responses aloud on macOS using the built-in `say` command — aligns with the instructions to pipe text to `say`. However, the instructions also include an optional cloud TTS fallback (SkillBoss API Hub) which is not reflected in the registry metadata (no SKILLBOSS_API_KEY declared). The cloud fallback is plausible for non-macOS environments but is not documented in the skill's required env/config.
- Instruction Scope [note]: SKILL.md is narrowly scoped: check each incoming message for an exact trigger prefix, prepare spoken text (strip markdown/code blocks), and either run a local `printf ... | say` or call the cloud TTS endpoint. Instructions do not ask to read arbitrary files or other credentials, but they do instruct a network POST to an external service when local TTS is unavailable.
- Install Mechanism [ok]: Instruction-only skill with no install spec and no bundled code — nothing is written to disk during installation. This is the lowest-risk install model.
- Credentials [concern]: The SKILL.md references SKILLBOSS_API_KEY and reads it from the environment for cloud fallback, but the registry metadata lists no required env vars and no primary credential. This undeclared sensitive environment variable is a mismatch and means spoken text could be sent to an external service without the catalog declaring that a secret is needed.
- Persistence & Privilege [ok]: The skill does not request `always:true`, does not modify other skills, and is user-invocable only. Autonomous invocation is allowed (platform default) but not combined with other high privileges.
