v2.0.1

Voice Notes Pro

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

The skill matches its stated purpose, but it handles private WhatsApp audio, requires an undeclared OpenAI key, logs full transcriptions, and writes to hard-coded root-owned note paths.

Guidance: Review this skill before installing. It appears purpose-built for WhatsApp voice-note transcription, but you should configure where notes are written, avoid running it with unnecessary root privileges, provide only the intended OpenAI key, and disable or redact transcript logging before using it with private messages.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
voice-notes-pro.js
directories: { songs: '/root/notes/songs', tasks: '/root/notes/tasks', shopping: '/root/notes/lists', ideas: '/root/notes/ideas', people: '/root/notes/people', watchlist: '/root/notes/watchlist' }

The skill hard-codes filesystem write targets under /root/notes for multiple categories instead of using a declared, configurable user notes directory.

User impact: Installing users may unintentionally grant the skill root-level write context or have notes written to an unexpected protected location.
Recommendation: Make the notes base directory configurable, default to the installing user's home directory, declare required write paths in metadata, and confirm first-time directory creation.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
package.json
"dependencies": { "openai": "^4.28.0" }, "main": "skill.js"

The package pulls an external npm dependency with a semver range, and the declared main file does not match the included voice-notes-pro.js file.

User impact: Installation may fetch updated dependency versions and may not load the intended file without additional packaging fixes.
Recommendation: Pin dependencies or include a lockfile, align the package entrypoint with the actual skill file, and add a registry install spec that reflects the npm setup.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
voice-notes-pro.js
const apiKey = process.env.OPENAI_API_KEY; if (!apiKey) { throw new Error('OPENAI_API_KEY not found in environment variables'); }

The code requires an OpenAI API key, while the registry metadata declares no required environment variables or primary credential.

User impact: Users may not realize before installation that the skill needs access to their OpenAI account and may incur API usage costs.
Recommendation: Declare OPENAI_API_KEY as a required environment variable or credential and document the exact OpenAI use and expected cost/privacy implications.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
voice-notes-pro.js
console.log(`? Transkrypcja: "${transcription}"`);

The skill logs the complete transcription of a WhatsApp voice note, creating an extra disclosure or retention path beyond the intended Markdown note files.

User impact: Private dictated content could appear in OpenClaw or gateway logs where it may be visible to administrators or anyone with log access.
Recommendation: Remove full transcript logging by default, redact sensitive content, and document any debug logging as an explicit opt-in.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
voice-notes-pro.js
const response = await client.audio.transcriptions.create({ file: audioFile, model: CONFIG.whisper.model, language: CONFIG.whisper.language });

The skill sends the audio file contents to OpenAI Whisper for transcription. This is disclosed in SKILL.md and aligned with the stated purpose, but it is still a sensitive external data flow.

User impact: WhatsApp voice-note audio leaves the local environment and is processed by OpenAI.
Recommendation: Ensure users understand this external processing, and provide options for consent, size limits, and alternative local transcription if needed.