ClawHub
Back to plugin

Security audit

VOICEVOX

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward VOICEVOX text-to-speech provider that sends requested speech text to a configured VOICEVOX Engine, defaulting to localhost.

Install only if you intend OpenClaw to use VOICEVOX for TTS. Keep the VOICEVOX Engine bound to localhost or protect it with trusted network controls, because the engine has no built-in authentication and any remote baseUrl will receive the text OpenClaw asks it to synthesize.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:21
Evidence
"default": "http://127.0.0.1:50021",