Telegram Voice Messaging Recovery

Pass. Audited by VirusTotal on Apr 5, 2026.

Findings (1)

The skill bundle contains a shell injection vulnerability in `scripts/voice_handler.py`, where the `audio_to_text` function executes `ffmpeg` via `subprocess.run(shell=True)` using unsanitized f-string input for the file path. Additionally, the `scripts/install.sh` script performs high-privilege operations, including `apt-get install` and creating directories in the root user's home folder (`/root/.openclaw/tts`). While these behaviors are consistent with the stated purpose of restoring a voice messaging system, the lack of input sanitization and the requirement for root execution pose significant security risks.