Telegram - Conversa por Áudio (PICOCLAW)

This skill's code implements voice-to-voice processing and appears to do what it claims, but there are deployment mismatches and operational risks to consider before installing: - Required secrets/deps: The SKILL.md and scripts require GROQ_API_KEY (transcription) and rely on Python packages (groq, edge_tts), but the registry metadata declares no env vars or install steps. Do not run it without supplying GROQ_API_KEY and installing those packages in a controlled environment. - Installation: Add a clear dependency/install step (pip install groq edge_tts ...) or run in a virtualenv/container. Avoid running arbitrary code without pinning package versions. - Privileges & paths: The scripts use hardcoded /root/.picoclaw paths and /tmp/picoclaw_media and instruct starting a persistent nohup process; consider adjusting paths to a less-privileged user and run the watcher under a managed service/sandbox (systemd unit, container) rather than as root. - Environment leakage: finalize_reply/other scripts pass os.environ.copy() to subprocesses — ensure no sensitive environment variables are present or sanitize env before running. - Cleanup policy: The cleanup script deletes .json files and audio older than 15 days in the skill state directories. Confirm this retention policy is acceptable and that important metadata won't be removed unintentionally. - Network & secrets: Transcription and TTS call external services; ensure you trust the services and the provided API key scope. Monitor outbound network usage. If you want to proceed safely: request an install manifest from the author (requirements.txt or pyproject), confirm required env vars in registry metadata (GROQ_API_KEY, optional PICOLAW_CHAT_ID), run the skill in a container or dedicated service account, and review logs during an initial test. If the author cannot supply a dependency list or explain the /root path choice, treat the package with extra caution.