Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The declared binaries (edge-tts and ffmpeg) and the included code align with sending TTS voice messages to Telegram groups. However the documentation recommends granting the bot broad admin permissions (Delete, Restrict, Ban, Add Admins) that are disproportionate to the stated function of sending voice messages. USE_CASES also describes web aggregation (Reddit/Twitter via web_fetch and bird CLI) which is not represented in required binaries or env vars — this is scope creep.
Instruction Scope
Runtime instructions and code are focused on generating TTS, converting to OGG/Opus, and sending via @openclaw/core message APIs. Problems: (1) index.js incorrectly extracts the group ID from a full session key (split index is wrong), which will break or misaddress messages; (2) the code uses child_process.exec with interpolated text (insufficient escaping), which can lead to shell injection if untrusted input is passed; (3) docs and USE_CASES suggest fetching and summarizing external web content (Reddit/Twitter) and running additional CLIs, though these tools are not declared as required — that capability could be used to aggregate and post external content to Telegram and represents scope expansion beyond the simple send-voice use case.
Install Mechanism
There is no install spec (instruction-only), which minimizes download risk. The package includes JS and a bash script but does not request external downloads. It does require the runtime availability of '@openclaw/core' (not listed in package.json deps) and the system binaries edge-tts and ffmpeg.
Credentials
The skill requests no environment credentials (which is appropriate), but the documentation instructs operators to give the OpenClaw bot elevated Telegram admin permissions (including banning and adding admins). Those elevated permissions are not necessary merely to send voice messages, and they enlarge the operational blast radius of the bot if it is misused. No other env vars or secrets are requested, which is reasonable.
Persistence & Privilege
The skill does not set always:true and does not modify other skills or system-wide settings. Autonomous model invocation is allowed by default (expected). The only persistent privilege recommendation is in the docs asking for broad Telegram admin rights for the bot — this is an external permission request rather than skill installation behavior, but it is noteworthy.
What to consider before installing
This skill appears to implement what it claims (generate TTS, convert with ffmpeg, and send to Telegram), but there are several concerns you should address before installing or enabling it:

1) Do not blindly grant the OpenClaw bot broad admin permissions (ban/add-admins/delete). For sending voice messages, send and media permissions are enough; avoid add-admins/ban/restrict unless you fully trust the bot.
2) The index.js has a bug extracting the group ID from a session key (it uses the wrong split index). Test that group/thread addressing works and correct the code to use the correct segment index.
3) The code invokes shell commands via child_process.exec with user-provided text; this can enable command injection. Prefer execFile/spawn with argument arrays, or properly escape/sanitize the input.
4) The docs suggest optional web aggregation (Reddit/Twitter) and extra CLIs. If you enable those flows, be aware the skill could collect external content and post it to your groups; only enable such integrations when you understand and trust them.
5) Verify that '@openclaw/core' messaging functions behave as expected in your environment and that temporary files are handled securely.

If you are uncomfortable with these issues, test the skill in an isolated environment first, or request a corrected version that fixes the groupId parsing and avoids shell interpolation of unsanitized input.
Runtime requirements
Skill: 🔊 Clawdis
OS: Linux
Bins: ffmpeg, edge-tts
