ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Video Chat With Me

Real-time AI video chat that routes through your OpenClaw agent. Uses Groq Whisper (cloud STT), edge-tts (cloud TTS via Microsoft), and OpenClaw chatCompletions API for conversation. Your agent sees your camera, hears your voice, and responds with its own personality and memory. Requires: GROQ_API_KEY for speech recognition. Reads ~/.openclaw/openclaw.json for gateway port and auth token. Data flows: audio → Groq cloud (STT), TTS text → Microsoft cloud (edge-tts), camera frames (base64) + text → OpenClaw gateway → your configured LLM provider (may be cloud — frames leave the machine if using a cloud LLM). Installs a persistent launchd service (optional). Trigger phrases: "video chat", "voice call", "call me", "视频一下", "语音", "打电话给我", "我要和你视频", "videochat-withme".

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 899 · 2 current installs · 2 all-time installs
by@sxu75374
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the actual behavior: python+ffmpeg server that sends audio to Groq Whisper (GROQ_API_KEY) and routes camera frames/text to the OpenClaw gateway for chatCompletions. Declared required binaries and config (gateway.http) align with these needs. Minor concern: source/homepage missing which reduces trust.
Instruction Scope
SKILL.md and scripts instruct the agent to read ~/.openclaw/openclaw.json and ~/.openclaw/secrets/groq_api_key.txt, run setup.sh, install Python deps and mkcert, generate certs, and start a FastAPI server that encodes camera frames as base64 and POSTs them to the gateway. All of this is coherent with the stated purpose but grants the skill broad access to camera frames, microphone audio, and your agent session.
Install Mechanism
No centralized install spec, but included setup.sh will install Python packages via pip, use brew to install ffmpeg/mkcert if available, generate local certs, and write a launchd plist. These are common but modify the system (LaunchAgents, pip installs). There are no suspicious remote download URLs in the provided scripts.
!
Credentials
GROQ_API_KEY is expected. The skill reads the OpenClaw gateway auth token from ~/.openclaw/openclaw.json (not declared as an env var) and uses it to call /v1/chat/completions as the main agent. That token effectively gives the skill access to the agent's full memory, personality, and tools — a high‑privilege credential that has broad consequences if misused.
!
Persistence & Privilege
setup.sh optionally installs a LaunchAgent that auto-starts the HTTP server (persistent, starts at login). Persistent service combined with reading the gateway token and sending camera frames to the agent increases risk: the service could be triggered without explicit user action and route sensitive data to a cloud LLM if the gateway forwards externally.
Scan Findings in Context
[base64-block] expected: The SKILL.md and server.py explicitly encode camera frames as base64 and send them to the gateway. The base64 pattern match is expected for an application that posts images as data URLs.
What to consider before installing
This skill's functionality matches its description, but it carries elevated privacy and privilege implications. Before installing: 1) Note the source is unknown and there's no homepage—exercise caution. 2) Review server.py and setup.sh yourself (they are included) — verify exactly how the OpenClaw gateway token is read/used. 3) Understand that the skill reads your GROQ key and the OpenClaw gateway auth token (from ~/.openclaw/openclaw.json) — that gateway token grants access to the agent's memory/tools and can route frames to cloud LLMs. 4) If you install, consider running without the LaunchAgent first (use start.sh directly) and test locally, or run in a sandboxed account/container. 5) If you require privacy: configure your OpenClaw gateway to use a local/self‑hosted model (so frames don’t leave your machine), or do not provide the gateway auth in the config. 6) If you’re not comfortable auditing or trusting the author, do not install. Rotating credentials after removal and checking /tmp/videochat-withme.log and the created LaunchAgent plist are good post‑install checks.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0
Download zip
latestvk97eda740btntn7fwp929qgwph8116m6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎥 Clawdis
Binspython3, ffmpeg
EnvGROQ_API_KEY
Configgateway.http

SKILL.md

videochat-withme

Real-time video call with your OpenClaw agent — full personality, memory, and vision.

First-Time Setup

New users run once after installing the skill:

bash skills/videochat-withme/scripts/setup.sh

This handles everything: dependencies, Groq API key, SSL certs, launchd service.

Prerequisites

  • macOS (launchd required)
  • Python 3.10+, ffmpeg
  • OpenClaw gateway running with chatCompletions enabled

Groq API Key (required for voice recognition)

  1. Get a free key at: https://console.groq.com/keys
  2. Save it: 
    mkdir -p ~/.openclaw/secrets
echo "your-key-here" > ~/.openclaw/secrets/groq_api_key.txt
    Or set env var: export GROQ_API_KEY="your-key-here"

Enable chatCompletions

Add to ~/.openclaw/openclaw.json:

{
  "gateway": {
    "http": {
      "endpoints": {
        "chatCompletions": { "enabled": true }
      }
    }
  }
}

Then restart OpenClaw.

How to Use (Agent Instructions)

When the user requests a video/voice call:

Step 1: Check if service is running:

curl -sk https://localhost:8766/api/config 2>/dev/null || curl -s http://localhost:8766/api/config 2>/dev/null

Step 2: If no response, setup needed:

  1. Check Groq key: cat ~/.openclaw/secrets/groq_api_key.txt 2>/dev/null
  2. Ask user: "What name should I display for you in the video call?"
  3. Run setup: 
    bash skills/videochat-withme/scripts/setup.sh --auto --agent-name "YourName" --user-name "TheirName"

Step 3: Initiate the call based on context:

Determine how the user is connecting and pick the best method:

  1. User is at the computer (message from webchat/desktop):

    bash skills/videochat-withme/scripts/call.sh

    This pops up a macOS incoming call notification → user clicks Accept → browser opens.

  2. User is on mobile/remote (message from Telegram/phone): Pick the right URL automatically:

    # Prefer Tailscale IP (works from any network)
TS_IP=$(tailscale ip -4 2>/dev/null)
# Fallback to local IP (same WiFi only)
LOCAL_IP=$(python3 -c "import socket; s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM); s.connect(('8.8.8.8',80)); print(s.getsockname()[0]); s.close()" 2>/dev/null)
    • If Tailscale is available → send https://<tailscale-ip>:8766 (works everywhere)
    • Otherwise → send https://<local-ip>:8766 (same WiFi only)
    • Note: first visit requires tapping "Advanced → Continue" (self-signed cert)

Architecture

🎤 Voice → Groq Whisper (STT)
📷 Camera → base64 frame
    ↓
OpenClaw /v1/chat/completions → Your Agent
    ↓
edge-tts (TTS) → 🔊 Audio playback

Scripts

Agent runs these automatically:

ScriptWhen
setup.sh --autoFirst use (service not running)
call.shEvery call request

User can run manually if needed:

ScriptPurpose
setup.shInteractive setup (without --auto)
start.shStart service
stop.shStop service

Configuration

VariableDefaultDescription
GROQ_API_KEY(secrets file)Groq API key for Whisper STT
PORT8766Server port
AGENT_NAMEAI AssistantDisplay name for the agent
USER_NAMEUserDisplay name for the user
SSL_CERT(auto-detect)Path to SSL certificate
SSL_KEY(auto-detect)Path to SSL private key

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…