Back to skill
Skillv3.3.3
VirusTotal security
local-voice-reply · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:32 AM
- Hash
- 035827ea6e15527a91c38bbe6c9331d3ef86177aeb98204f785800355cd0e38d
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: local-voice-reply Version: 3.3.3 The skill bundle provides a legitimate local text-to-speech (TTS) pipeline using FastAPI, ChatterboxTTS, and ffmpeg. The code in 'server/voice_engine.py' and 'server/voice_server_v3.py' is well-structured and includes security best practices such as path traversal guards (using .relative_to() checks) and safe subprocess execution (using argument lists instead of shell strings). While 'SKILL.md' contains a hardcoded local path ('C:\Users\hanli\...') in its instructions to the agent, this appears to be a developer artifact rather than a malicious injection. The high-risk capabilities (file system access and subprocess execution) are strictly aligned with the stated purpose of generating and managing audio files.
- External report
- View on VirusTotal