Skill v1.0.0
ClawScan security
Mic Recorder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 2:26 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description (record microphone and send to Feishu) matches its instructions, but the SKILL.md omits required binaries/credentials and relies on local Automator app behaviour and file paths in ways that are inconsistent or under-specified — the omissions and the fact that it will record and transmit audio are reasons to be cautious.
- Guidance
  - This skill will record microphone audio and send the resulting file to a Feishu channel. Before installing/using it:
    - Understand it will capture sensitive audio and transmit it externally — confirm you trust the Feishu destination and know which account/channel will receive files.
    - The SKILL.md assumes an Automator app (~/.openclaw/tools/RecordMic.app) and uses ffmpeg and the macOS open command, but the skill metadata declares no required binaries. Make sure ffmpeg is installed from a trusted source and that RecordMic.app's workflow is exactly what you expect before granting microphone access.
    - Verify where credentials for Feishu come from (platform-provided 'message' API or stored tokens). If the skill requires Feishu API keys, ask the author for explicit required env vars and minimal-scope credentials.
    - Check the RecordMic.app contents (document.wflow) before running to ensure it only executes the expected ffmpeg and copy commands and doesn't run arbitrary code.
    - If you need a safer setup, request the author to: (1) declare required binaries (ffmpeg, open), (2) list required credentials or confirm use of platform-managed messaging, and (3) provide a checksum or source for RecordMic.app or an alternative install script so you can inspect what will run.
  - I rate this suspicious rather than malicious because the behavior matches the stated purpose but important operational details and dependencies are omitted, and the skill handles highly sensitive data (microphone audio) that will be transmitted externally.
Review Dimensions
- Purpose & Capability
  - note: Purpose (record mic and send to Feishu) aligns with the instructions: it instructs creating an Automator RecordMic.app that runs ffmpeg, writes a WAV to /tmp, denoises it, and copies it into ~/.openclaw/workspace for sending. However, the declared metadata claims no required binaries or credentials, while the instructions clearly rely on system binaries (open, ffmpeg) and an outbound messaging facility (message(action="send", channel="feishu")). The omission of these requirements is an inconsistency.
- Instruction Scope
  - note: SKILL.md gives concrete runtime steps (open RecordMic.app, ffmpeg denoising commands, specific paths like /tmp/openclaw_recording.wav and ~/.openclaw/workspace/recording_latest.wav). These are within the stated purpose, but the instructions also tell the operator to inspect and edit Automator workflow contents (document.wflow) and rely on RecordMic.app to auto-copy files into the workspace. The agent instructions reference local filesystem paths and expect microphone permission — appropriate for a recorder, but this should be explicitly declared.
- Install Mechanism
  - ok: No install spec (instruction-only). That is lower risk. Note: the skill expects the user to create an Automator app and for ffmpeg to be available; the skill does not provide an install step or verify that ffmpeg or other binaries are present.
- Credentials
  - concern: No environment variables or credentials are declared, yet the skill sends audio to Feishu using message(..., channel="feishu"). Sending to Feishu typically requires API credentials or a platform-managed integration; the SKILL.md does not explain where credentials come from. It also uses sensitive resources (microphone audio) and transmits them — this privacy risk is not addressed in the instructions.
- Persistence & Privilege
  - ok: 'always' is false and there is no install writing to system locations. The skill relies on a user-created Automator app and workspace copies; it does not request elevated or persistent platform privileges in its metadata.
