Telegram Voice Messaging Recovery

Security checks across malware telemetry and agentic risk

Overview

This voice recovery skill is mostly purpose-aligned, but it needs review because it can send reply text to hosted Edge/Microsoft TTS despite offline/local framing and includes unsafe shell command handling for audio paths.

Install only after reviewing the script and accepting that TTS text may be sent to Microsoft/Edge TTS and generated audio may remain cached under ~/.openclaw/tts. Patch the shell=True ffmpeg call before using it on untrusted Telegram/OpenClaw media paths, pin or vet dependencies, and confirm the missing transcribe-audio helper is supplied.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if audio_file.endswith('.ogg'):
    wav_file = tempfile.mktemp(suffix=".wav")
    cmd = f"ffmpeg -i '{audio_file}' -ar 16000 -ac 1 '{wav_file}' -y 2>/dev/null"
    subprocess.run(cmd, shell=True, check=True)
    audio_file = wav_file

# Transcribe with faster-whisper
Confidence
98% confidence
Finding
subprocess.run(cmd, shell=True, check=True)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The installer presents the skill as an offline/local voice system, but it explicitly configures Edge TTS as a hosted service. This mismatch can mislead users about privacy and network behavior, causing them to send text to an external provider when they reasonably expect fully local processing.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The installation summary says it restores local Edge TTS helpers, but the configured provider is a hosted remote service. This is a trust and transparency issue that may cause operators to deploy the skill in privacy-sensitive environments under false assumptions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer performs network package installation via pip without clearly informing the user that it will download and execute third-party packages from external sources. In a skill installer context, undisclosed external dependency retrieval increases supply-chain and operational risk, especially in restricted or high-trust environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script configures and advertises a hosted Edge TTS service without an upfront privacy warning, despite the skill branding suggesting offline/local voice handling. In this context, that makes the issue more dangerous because users may unknowingly transmit potentially sensitive prompt or response text to an external provider during normal operation and even during installation testing.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function sends arbitrary input text to the `edge_tts` network service, which can expose sensitive or proprietary content to an external provider without any notice, consent, or classification checks. In a skill or agent environment, users may assume local processing, making this data-transfer behavior materially risky.

VirusTotal

67/67 vendors flagged this skill as clean.
