Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Discord Local STT/TTS Installer (macOS)

v0.1.1

(macOS) Discord voice assistant installer. Install/update discord-local-stt-tts (Discord voice, Discord local, local STT + local TTS) from GitHub Releases.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included installer script: it downloads the latest GitHub release for vilmire/discord-local-stt-tts, backs up any existing plugin, copies files to ~/.openclaw/openclaw-extensions/plugins/..., and optionally runs pnpm build. Required tools listed in SKILL.md (curl, python3, unzip, ffmpeg, optional pnpm) align with the script's behavior.
Instruction Scope
SKILL.md directs the user to run bin/install.sh, which performs network downloads from api.github.com and github.com and writes into the user's ~/.openclaw plugin directory; this is expected for the stated purpose. However, the script contains a bug: the embedded Python heredocs are quoted (<<'PY'), so the shell variable $LATEST_JSON is not expanded inside the heredoc; Python will attempt to open the literal filename '$LATEST_JSON' and fail, causing the installer to exit. The script also conditionally runs pnpm i && pnpm build inside the installed repo, which executes the upstream project's build scripts and can therefore run arbitrary code shipped in the release.
Install Mechanism
No package manager installs are declared by the skill; the script downloads release zipballs from GitHub (a well-known host) and extracts them. Downloading and extracting from GitHub Releases is reasonable, but note that the installer will execute the project's build scripts if pnpm is present, which elevates risk: build scripts from the repo run locally with the user's privileges. The script writes into a user-owned application extension folder and creates a timestamped backup of any existing install.
Credentials
The skill requests no credentials or environment variables. It only uses standard shell variables (HOME, temporary dirs) and network access to GitHub, which is proportional to the stated purpose.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent platform-wide privileges and only modifies its own plugin directory (and creates a backup). It does not modify other skills or global agent configuration.
What to consider before installing
This installer largely does what it says (download a GitHub release and install it into your OpenClaw plugin folder), but be aware of two practical concerns before running it. (1) The script currently has a bug that will likely abort the install, because the Python heredocs are quoted and the $LATEST_JSON path is not expanded; you can fix it by allowing variable expansion (e.g., change <<'PY' to <<PY) or by passing the filename to Python as an argument (python3 -c "import json,sys;print(json.load(open(sys.argv[1]))['tag_name'])" "$LATEST_JSON"). (2) If pnpm is installed, the installer will run pnpm i && pnpm build inside the downloaded repo, which executes upstream build scripts and so can run arbitrary commands on your machine. To reduce risk: inspect the repository and release contents manually before installing, run the installer in a restricted environment or VM, avoid having pnpm installed if you do not want automatic builds, or run the build step manually after reviewing the package scripts. Also confirm that you trust the repository owner and the specific GitHub release you are installing; the script downloads and extracts code from that release into your home directory (it does create a .bak backup of any existing plugin).

