Voice Translator

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: voice-translator
Version: 1.0.0

The skill is a legitimate voice translation tool that interfaces with the SenseAudio API (senseaudio.cn) for speech-to-text and text-to-speech services. The provided Python code in SKILL.md implements standard audio processing workflows, including temporary file handling and playback via system utilities like afplay or mpg123. No indicators of data exfiltration, malicious command execution, or prompt injection were found; the use of subprocess.run is restricted to hardcoded audio player commands.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill must provide an API key that may allow usage of their SenseAudio account or quota.

Why it was flagged

The skill requires a SenseAudio API key and uses it as a bearer token for the service API. This is expected for the stated integration, but it is still account authority that should be protected.

Skill content

requires:\n  env:\n    - SENSEAUDIO_API_KEY ... Authorization: Bearer $SENSEAUDIO_API_KEY

Recommendation

Use a limited-scope key if available, keep it out of shared logs or prompts, and rotate it if you suspect exposure.

What this means

Private speech, travel details, medical phrases, or conversations may be transmitted to external providers as part of translation.

Why it was flagged

The workflow sends recorded audio to SenseAudio for transcription and uses an LLM/TTS flow for translation and playback. This is purpose-aligned, but spoken content and transcripts may be sensitive.

Skill content

[Hold to record] → ASR recognizes Chinese → LLM scenario-based translation → TTS synthesizes foreign-language speech ... curl https://api.senseaudio.cn/v1/audio/transcriptions -F file="@recording.wav"

Recommendation

Avoid recording highly sensitive information unless you trust the provider’s privacy terms, and review SenseAudio and any chosen LLM provider’s data handling policies.

What this means

The skill may create local audio files and play them on the device during use.

Why it was flagged

The examples run local Python code, write an MP3 file, and invoke a local audio player. This is aligned with playing translated speech and uses fixed arguments rather than shell-expanded user input.

Skill content

| python3 -c "... open('/tmp/translated.mp3','wb').write(audio) ... subprocess.run(['play','/tmp/translated.mp3'])"

Recommendation

Run it only in an environment where local audio playback and temporary audio files are acceptable; delete generated files if they contain sensitive content.

What this means

A user following the Python example may need to install an extra package or audio playback tool that is not fully specified in the requirements.

Why it was flagged

The documented Python example imports the third-party requests package, while the declared requirements only list curl and python3. This is a setup completeness gap, not evidence of hidden installation.

Skill content

requires:\n  bins:\n    - curl\n    - python3 ... import requests

Recommendation

Install any missing packages or playback tools from trusted sources, and prefer pinned versions if turning the example into a reusable script.