Security audit

openclaw-feishu-voice-free

Security checks across malware telemetry and agentic risk

Overview

This voice-chat skill has a coherent purpose, but it ships sensitive configuration and exposes broadly reachable voice-processing services that need careful review before use.

Review before installing. Replace the bundled openclaw.json with a minimal config, rotate any exposed secrets if they are real, bind services to 127.0.0.1 or firewall them, avoid running the services as root, and only clone voices with explicit permission. Do not use remote clone mode unless you trust the endpoint and accept sending biometric voice data off-device.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The README markets the skill as 'completely offline', but later instructions explicitly require network access to download models from HuggingFace and note that using repo IDs can trigger automatic downloads at first run. This is a documentation integrity issue that can mislead operators about network exposure, supply-chain contact, and privacy expectations.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill is designed to automatically process inbound voice messages and generate voice replies, but the README does not prominently warn administrators or end users about privacy implications of recording, transcription, retention, and local handling of potentially sensitive audio. Even if processing is local, silent automatic capture and transformation of user speech can create compliance and consent risks.

Missing User Warnings

High
Confidence: 95%
Finding
The README advertises cloning arbitrary voices without any warning about impersonation, consent, fraud, or misuse. Voice cloning is highly sensitive functionality, and presenting it without safeguards or responsible-use guidance materially increases the risk of abuse in social engineering or identity spoofing scenarios.

Missing User Warnings

Medium
Confidence: 94%
Finding
Remote mode base64-encodes and sends the user's reference audio and transcription text to an arbitrary server URL, which can expose highly sensitive biometric voice data and private content. The voice-cloning context makes the issue more serious, because reference samples are uniquely identifying and may be reused or retained by the remote endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.