Chatbot
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may require giving the agent access to a SenseAudio API key, which can authorize actions on that service.
The skill requires and uses a SenseAudio API key for provider API calls, while the registry-level requirements say no environment variables are required.
required_credentials:
- name: SENSEAUDIO_API_KEY
description: API key from https://senseaudio.cn/platform/api-key
env_var: API_KEY ... headers = {"Authorization": f"Bearer {API_KEY}"}Use a dedicated, least-privileged API key, keep it server-side or in a secure environment variable, and rotate it if exposed.
Voice audio, conversation context, and session credentials may be sent through SenseAudio infrastructure; mishandled tokens could expose a live session.
The skill’s examples create provider-backed real-time voice sessions and handle room IDs, app IDs, and session tokens.
Build real-time voice chatbot applications with natural conversation flow, emotion recognition ... Use WebRTC or WebSocket for real-time audio ... session_info = {"room_id": room_id, "token": token, "app_id": app_id}Confirm user consent and privacy requirements for voice/emotion data, use HTTPS/WSS or secure WebRTC, avoid exposing provider API keys in client code, and treat room/session tokens as sensitive.